RFC 5753

 
 
 

Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)

Part 3 of 3, p. 33 to 61
11.  References

11.1.  Normative References

   [CMS]          Housley, R., "Cryptographic Message Syntax (CMS)", RFC
                  5652, September 2009.

   [CMS-AES]      Schaad, J., "Use of the Advanced Encryption Standard
                  (AES) Encryption Algorithm in Cryptographic Message
                  Syntax (CMS)", RFC 3565, July 2003.

   [CMS-AESCG]    Housley, R., "Using AES-CCM and AES-GCM Authenticated
                  Encryption in the Cryptographic Message Syntax (CMS)",
                  RFC 5084, December 2007.

   [CMS-ALG]      Housley, R., "Cryptographic Message Syntax (CMS)
                  Algorithms", RFC 3370, August 2002.

   [CMS-AUTHENV]  Housley, R., "Cryptographic Message Syntax (CMS)
                  Authenticated-Enveloped-Data Content Type", RFC 5083,
                  November 2007.

   [CMS-DH]       Rescorla, E., "Diffie-Hellman Key Agreement Method",
                  RFC 2631, June 1999.

   [CMS-SHA2]     Turner, S., "Using SHA2 Algorithms with Cryptographic
                  Message Syntax", RFC 5754, January 2010.

   [FIPS180-3]    National Institute of Standards and Technology (NIST),
                  FIPS Publication 180-3: Secure Hash Standard, October
                  2008.

   [FIPS186-3]    National Institute of Standards and Technology (NIST),
                  FIPS Publication 186-3: Digital Signature Standard,
                  June 2009.

   [HMAC-SHA2]    Nystrom, M., "Identifiers and Test Vectors for HMAC-
                  SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-
                  SHA-512", RFC 4231, December 2005.

   [MUST]         Bradner, S., "Key words for use in RFCs to Indicate
                  Requirement Levels", BCP 14, RFC 2119, March 1997.

   [MSG]          Ramsdell, B. and S. Turner, "Secure/Multipurpose
                  Internet Mail Extensions (S/MIME) Version 3.2 Message
                  Specification", RFC 5751, January 2010.

   [PKI]          Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
                  Housley, R., and W. Polk, "Internet X.509 Public Key
                  Infrastructure Certificate and Certificate Revocation
                  List (CRL) Profile", RFC 5280, May 2008.

   [PKI-ALG]      Turner, S., Brown, D., Yiu, K., Housley, R., and T.
                  Polk, "Elliptic Curve Cryptography Subject Public Key
                  Information", RFC 5480, March 2009.

   [RANDOM]       Eastlake, D., 3rd, Schiller, J., and S. Crocker,
                  "Randomness Requirements for Security", BCP 106, RFC
                  4086, June 2005.

   [RSAOAEP]      Schaad, J., Kaliski, B., and R. Housley, "Additional
                  Algorithms and Identifiers for RSA Cryptography for
                  use in the Internet X.509 Public Key Infrastructure
                  Certificate and Certificate Revocation List (CRL)
                  Profile", RFC 4055, June 2005.

   [SEC1]         Standards for Efficient Cryptography Group, "SEC 1:
                  Elliptic Curve Cryptography", version 2.0, May 2009,
                  available from www.secg.org.

   [SP800-56A]    National Institute of Standards and Technology (NIST),
                  Special Publication 800-56A: Recommendation Pair-Wise
                  Key Establishment Schemes Using Discrete Logarithm
                  Cryptography (Revised), March 2007.

   [X.680]        ITU-T Recommendation X.680 (2002) | ISO/IEC
                  8824-1:2002. Information Technology - Abstract Syntax
                  Notation One.

11.2.  Informative References

   [BON]          D. Boneh, "The Security of Multicast MAC",
                  Presentation at Selected Areas of Cryptography 2000,
                  Center for Applied Cryptographic Research, University
                  of Waterloo, 2000.  Paper version available from
                  http://crypto.stanford.edu/~dabo/papers/mmac.ps

   [CERTCAP]      Santesson, S., "X.509 Certificate Extension for
                  Secure/Multipurpose Internet Mail Extensions (S/MIME)
                  Capabilities", RFC 4262, December 2005.

   [CMS-ASN]      Hoffman, P. and J. Schaad, "New ASN.1 Modules for CMS
                  and S/MIME", Work in Progress, August 2009.

   [CMS-ECC]      Blake-Wilson, S., Brown, D., and P. Lambert, "Use of
                  Elliptic Curve Cryptography (ECC) Algorithms in
                  Cryptographic Message Syntax (CMS)", RFC 3278, April
                  2002.

   [CMS-KEA]      Pawling, J., "Use of the KEA and SKIPJACK Algorithms
                  in CMS", RFC 2876, July 2000.

   [K]            B. Kaliski, "MQV Vulnerability", Posting to ANSI X9F1
                  and IEEE P1363 newsgroups, 1998.

   [PKI-ASN]      Hoffman, P. and J. Schaad, "New ASN.1 Modules for
                  PKIX", Work in Progress, August 2009.

   [SP800-57]     National Institute of Standards and Technology (NIST),
                  Special Publication 800-57: Recommendation for Key
                  Management - Part 1 (Revised), March 2007.

   [X.681]        ITU-T Recommendation X.681 (2002) | ISO/IEC
                  8824-2:2002. Information Technology - Abstract Syntax
                  Notation One: Information Object Specification.

   [X.682]        ITU-T Recommendation X.682 (2002) | ISO/IEC
                  8824-3:2002. Information Technology - Abstract Syntax
                  Notation One: Constraint Specification.

   [X.683]        ITU-T Recommendation X.683 (2002) | ISO/IEC
                  8824-4:2002. Information Technology - Abstract Syntax
                  Notation One: Parameterization of ASN.1
                  Specifications, 2002.

   [X9.62]        X9.62-2005, "Public Key Cryptography for the Financial
                  Services Industry: The Elliptic Curve Digital
                  Signature Standard (ECDSA)", November, 2005.

Appendix A.   ASN.1 Modules

   Appendix A.1 provides the normative ASN.1 definitions for the
   structures described in this specification using ASN.1 as defined in
   [X.680] for compilers that support the 1988 ASN.1.

   Appendix A.2 provides informative ASN.1 definitions for the
   structures described in this specification using ASN.1 as defined in
   [X.680], [X.681], [X.682], and [X.683] for compilers that support the
   2002 ASN.1.  This appendix contains the same information as Appendix
   A.1 in a more recent (and precise) ASN.1 notation; however, Appendix
   A.1 takes precedence in case of conflict.

A.1.  1988 ASN.1 Module

   CMSECCAlgs-2009-88
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) id-mod-cms-ecc-alg-2009-88(45) }

   DEFINITIONS IMPLICIT TAGS ::=

   BEGIN

   -- EXPORTS ALL

   IMPORTS

   -- From [PKI]

   AlgorithmIdentifier
     FROM PKIX1Explicit88
       { iso(1) identified-organization(3) dod(6)
         internet(1) security(5) mechanisms(5) pkix(7) mod(0)
         pkix1-explicit(18) }

   -- From [RSAOAEP]

   id-sha224, id-sha256, id-sha384, id-sha512
     FROM PKIX1-PSS-OAEP-Algorithms
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-pkix1-rsa-pkalgs(33) }

   -- From [PKI-ALG]

   id-sha1, ecdsa-with-SHA1, ecdsa-with-SHA224,
   ecdsa-with-SHA256, ecdsa-with-SHA384, ecdsa-with-SHA512,
   id-ecPublicKey, ECDSA-Sig-Value, ECPoint, ECParameters
     FROM PKIX1Algorithms2008
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0) 45 }

   -- From [CMS]

   OriginatorPublicKey, UserKeyingMaterial
     FROM CryptographicMessageSyntax2004
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) cms-2004(24) }

   -- From [CMS-ALG]

   hMAC-SHA1, des-ede3-cbc, id-alg-CMS3DESwrap, CBCParameter
     FROM CryptographicMessageSyntaxAlgorithms
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) cmsalg-2001(16) }

   -- From [CMS-AES]

   id-aes128-CBC, id-aes192-CBC, id-aes256-CBC, AES-IV,
   id-aes128-wrap, id-aes192-wrap, id-aes256-wrap
     FROM CMSAesRsaesOaep
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-cms-aes(19) }

   -- From [CMS-AESCG]

   id-aes128-CCM, id-aes192-CCM, id-aes256-CCM, CCMParameters,
   id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, GCMParameters
     FROM CMS-AES-CCM-and-AES-GCM
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-cms-aes(32) }

   ;

   --
   -- Message Digest Algorithms: Imported from [PKI-ALG] and [RSAOAEP]
   --

   -- id-sha1 Parameters are preferred absent
   -- id-sha224 Parameters are preferred absent
   -- id-sha256 Parameters are preferred absent
   -- id-sha384 Parameters are preferred absent
   -- id-sha512 Parameters are preferred absent

   --
   -- Signature Algorithms: Imported from [PKI-ALG]
   --

   -- ecdsa-with-SHA1 Parameters are NULL
   -- ecdsa-with-SHA224 Parameters are absent
   -- ecdsa-with-SHA256 Parameters are absent
   -- ecdsa-with-SHA384 Parameters are absent
   -- ecdsa-with-SHA512 Parameters are absent

   -- ECDSA Signature Value
   -- Contents of SignatureValue OCTET STRING

   -- ECDSA-Sig-Value ::= SEQUENCE {
   --   r  INTEGER,
   --   s  INTEGER
   -- }

   --
   -- Key Agreement Algorithms
   --

   x9-63-scheme OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) tc68(133) country(16) x9(840)
     x9-63(63) schemes(0) }
   secg-scheme OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) schemes(1) }

   --
   -- Diffie-Hellman Single Pass, Standard, with KDFs
   --

   -- Parameters are always present and indicate the key wrap algorithm
   -- with KeyWrapAlgorithm.

   dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
     x9-63-scheme 2 }

   dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 11 0 }

   dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 11 1 }

   dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 11 2 }

   dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 11 3 }

   --
   -- Diffie-Hellman Single Pass, Cofactor, with KDFs
   --

   dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
     x9-63-scheme 3 }

   dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 14 0 }

   dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 14 1 }

   dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 14 2 }

   dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 14 3 }

   --
   -- MQV Single Pass, Cofactor, with KDFs
   --

   mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= {
     x9-63-scheme 16 }

   mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 15 0 }

   mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 15 1 }

   mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 15 2 }

   mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 15 3 }

   --
   -- Key Wrap Algorithms: Imported from [CMS-ALG] and [CMS-AES]
   --

   KeyWrapAlgorithm ::= AlgorithmIdentifier

   -- id-alg-CMS3DESwrap Parameters are NULL
   -- id-aes128-wrap Parameters are absent
   -- id-aes192-wrap Parameters are absent
   -- id-aes256-wrap Parameters are absent

   --
   -- Content Encryption Algorithms: Imported from [CMS-ALG]
   -- and [CMS-AES]
   --

   -- des-ede3-cbc Parameters are CBCParameter
   -- id-aes128-CBC Parameters are AES-IV
   -- id-aes192-CBC Parameters are AES-IV
   -- id-aes256-CBC Parameters are AES-IV
   -- id-aes128-CCM Parameters are CCMParameters
   -- id-aes192-CCM Parameters are CCMParameters
   -- id-aes256-CCM Parameters are CCMParameters
   -- id-aes128-GCM Parameters are GCMParameters
   -- id-aes192-GCM Parameters are GCMParameters
   -- id-aes256-GCM Parameters are GCMParameters

   --
   -- Message Authentication Code Algorithms
   --

   -- hMAC-SHA1 Parameters are preferred absent

   -- HMAC with SHA-224, SHA-256, SHA-384, and SHA-512 Parameters are
   -- absent

   id-hmacWithSHA224 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549)
     digestAlgorithm(2) 8 }

   id-hmacWithSHA256 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549)
     digestAlgorithm(2) 9 }

   id-hmacWithSHA384 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549)
     digestAlgorithm(2) 10 }

   id-hmacWithSHA512 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549)
     digestAlgorithm(2) 11 }

   --
   -- Originator Public Key Algorithms: Imported from [PKI-ALG]
   --

   -- id-ecPublicKey Parameters are absent, NULL, or ECParameters

   -- Format for both ephemeral and static public keys: Imported from
   -- [PKI-ALG]

   -- ECPoint ::= OCTET STRING

   -- ECParameters ::= CHOICE {
   --   namedCurve      OBJECT IDENTIFIER
   --   commented out in [PKI-ALG]  implicitCurve   NULL
   --   commented out in [PKI-ALG]  specifiedCurve  SpecifiedECDomain
   --   commented out in [PKI-ALG]  ...
   -- }
       -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
       -- Details for SpecifiedECDomain can be found in [X9.62].
       -- Any future additions to this CHOICE should be coordinated
       -- with ANSI X9.

   -- Format of KeyAgreeRecipientInfo ukm field when used with
   -- ECMQV

   MQVuserKeyingMaterial ::= SEQUENCE {
     ephemeralPublicKey       OriginatorPublicKey,
     addedukm             [0] EXPLICIT UserKeyingMaterial OPTIONAL
   }

   -- 'SharedInfo' for input to KDF when using ECDH and ECMQV with
   -- EnvelopedData, AuthenticatedData, or AuthEnvelopedData

   ECC-CMS-SharedInfo ::= SEQUENCE {
     keyInfo         AlgorithmIdentifier,
     entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
     suppPubInfo [2] EXPLICIT OCTET STRING
   }

   --
   -- S/MIME Capabilities
   -- An identifier followed by type.
   --

   --
   -- S/MIME Capabilities: Message Digest Algorithms
   --

   -- Found in [CMS-SHA2].

   --
   -- S/MIME Capabilities: Signature Algorithms
   --

   -- ecdsa-with-SHA1 Type NULL
   -- ecdsa-with-SHA224 Type absent
   -- ecdsa-with-SHA256 Type absent
   -- ecdsa-with-SHA384 Type absent
   -- ecdsa-with-SHA512 Type absent

   --
   -- S/MIME Capabilities: ECDH, Single Pass, Standard
   --

   -- dhSinglePass-stdDH-sha1kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-stdDH-sha224kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-stdDH-sha256kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-stdDH-sha384kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-stdDH-sha512kdf Type is the KeyWrapAlgorithm


   --
   -- S/MIME Capabilities: ECDH, Single Pass, Cofactor
   --

   -- dhSinglePass-cofactorDH-sha1kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-cofactorDH-sha224kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-cofactorDH-sha256kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-cofactorDH-sha384kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-cofactorDH-sha512kdf Type is the KeyWrapAlgorithm

   --
   -- S/MIME Capabilities: ECMQV, Single Pass, Standard
   --

   -- mqvSinglePass-sha1kdf Type is the KeyWrapAlgorithm
   -- mqvSinglePass-sha224kdf Type is the KeyWrapAlgorithm
   -- mqvSinglePass-sha256kdf Type is the KeyWrapAlgorithm
   -- mqvSinglePass-sha384kdf Type is the KeyWrapAlgorithm
   -- mqvSinglePass-sha512kdf Type is the KeyWrapAlgorithm

   --
   -- S/MIME Capabilities: Message Authentication Code Algorithms
   --

   -- hMAC-SHA1 Type is preferred absent
   -- id-hmacWithSHA224 Type is absent
   -- id-hmacWithSHA256 Type is absent
   -- id-hmacWithSHA384 Type is absent
   -- id-hmacWithSHA512 Type is absent

   END
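
The following Python sketch is an added example, not part of the RFC or of any implementation it describes: it DER-encodes the scheme OIDs and the ECC-CMS-SharedInfo structure defined in the module above and feeds the result to the X9.63 KDF, choosing the hash from the scheme name. Assumptions not taken from this page: the AES key-wrap OID values (from [CMS-AES]), suppPubInfo carrying the KEK length in bits as a 32-bit big-endian number (from the body of this RFC), the KDF construction Hash(Z || counter || SharedInfo) (from [SEC1]), and all function names, which are hypothetical.

```python
import hashlib
import struct

# Base arcs exactly as given in the module above.
X9_63_SCHEME = (1, 3, 133, 16, 840, 63, 0)
SECG_SCHEME = (1, 3, 132, 1)

# Scheme name -> (OID arcs, KDF hash), transcribed from the module's
# "Key Agreement Algorithms" definitions.
KEY_AGREE_SCHEMES = {}
for family, x963_arc, secg_arc in (
    ("dhSinglePass-stdDH", 2, 11),
    ("dhSinglePass-cofactorDH", 3, 14),
    ("mqvSinglePass", 16, 15),
):
    KEY_AGREE_SCHEMES[family + "-sha1kdf-scheme"] = (X9_63_SCHEME + (x963_arc,), "sha1")
    for index, digest in enumerate(("sha224", "sha256", "sha384", "sha512")):
        KEY_AGREE_SCHEMES[family + "-" + digest + "kdf-scheme"] = (
            SECG_SCHEME + (secg_arc, index), digest)

# Assumption: OID values come from [CMS-AES] (RFC 3565), not from this page.
# Per the module, parameters are absent for the AES key-wrap algorithms.
AES_WRAP_BASE = (2, 16, 840, 1, 101, 3, 4, 1)
KEY_WRAP_ALGS = {
    "id-aes128-wrap": (AES_WRAP_BASE + (5,), 128),
    "id-aes192-wrap": (AES_WRAP_BASE + (25,), 192),
    "id-aes256-wrap": (AES_WRAP_BASE + (45,), 256),
}


def der_len(n):
    """DER definite-length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_oid(arcs):
    """DER OBJECT IDENTIFIER: first two arcs merged, base-128 subidentifiers."""
    first, second, *rest = arcs
    out = bytearray()
    for arc in [first * 40 + second] + rest:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))


def scheme_oid(name):
    """Dotted-decimal form of a key agreement scheme OID."""
    return ".".join(str(a) for a in KEY_AGREE_SCHEMES[name][0])


def ecc_cms_shared_info(wrap_alg, ukm=None):
    """Return (DER of ECC-CMS-SharedInfo, KEK length in bytes)."""
    arcs, kek_bits = KEY_WRAP_ALGS[wrap_alg]
    key_info = tlv(0x30, der_oid(arcs))          # AlgorithmIdentifier, no params
    # entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL: omitted when no ukm.
    entity_u_info = tlv(0xA0, tlv(0x04, ukm)) if ukm is not None else b""
    # suppPubInfo [2] EXPLICIT OCTET STRING: KEK length in bits (assumption
    # stated in the lead-in).
    supp_pub_info = tlv(0xA2, tlv(0x04, struct.pack(">I", kek_bits)))
    return tlv(0x30, key_info + entity_u_info + supp_pub_info), kek_bits // 8


def x963_kdf(z, shared_info, hash_name, out_len):
    """X9.63 KDF: concatenate Hash(Z || counter || SharedInfo), counter from 1."""
    out = b""
    counter = 1
    while len(out) < out_len:
        block = z + struct.pack(">I", counter) + shared_info
        out += hashlib.new(hash_name, block).digest()
        counter += 1
    return out[:out_len]


def derive_kek(scheme, wrap_alg, z, ukm=None):
    """Derive the key-encryption key; unknown schemes or wraps are rejected."""
    if scheme not in KEY_AGREE_SCHEMES:
        raise ValueError("unknown key agreement scheme: " + scheme)
    if wrap_alg not in KEY_WRAP_ALGS:
        raise ValueError("unknown key wrap algorithm: " + wrap_alg)
    hash_name = KEY_AGREE_SCHEMES[scheme][1]
    shared_info, kek_len = ecc_cms_shared_info(wrap_alg, ukm)
    return x963_kdf(z, shared_info, hash_name, kek_len)


if __name__ == "__main__":
    z = bytes(range(32))  # constructed stand-in for the ECDH shared secret Z
    name = "dhSinglePass-stdDH-sha256kdf-scheme"
    print(scheme_oid(name), der_oid(KEY_AGREE_SCHEMES[name][0]).hex())
    print(ecc_cms_shared_info("id-aes128-wrap")[0].hex())
    print(derive_kek(name, "id-aes128-wrap", z).hex())
```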

A.2.  2004 ASN.1 Module

CMSECCAlgs-2009-02
  { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
    smime(16) modules(0) id-mod-cms-ecc-alg-2009-02(46) }

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL

IMPORTS

-- From [PKI-ASN]

mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256,
sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey,
ECDSA-Sig-Value, ECPoint, ECParameters
  FROM PKIXAlgs-2009
    { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkix1-algorithms2008-02(56) }

-- From [PKI-ASN]

mda-sha224, mda-sha256, mda-sha384, mda-sha512
  FROM PKIX1-PSS-OAEP-Algorithms-2009
    { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkix1-rsa-pkalgs-02(54) }

-- FROM [CMS-ASN]

KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM,
PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE, SMIME-CAPS,
AlgorithmIdentifier{}
  FROM AlgorithmInformation-2009
    { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-algorithmInformation-02(58) }

-- From [CMS-ASN]

OriginatorPublicKey, UserKeyingMaterial
  FROM CryptographicMessageSyntax-2009
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-cms-2004-02(41) }

-- From [CMS-ASN]

maca-hMAC-SHA1, cea-3DES-cbc, kwa-3DESWrap, CBCParameter
  FROM CryptographicMessageSyntaxAlgorithms-2009
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }

-- From [CMS-ASN]

cea-aes128-cbc, cea-aes192-cbc, cea-aes256-cbc, kwa-aes128-wrap,
kwa-aes192-wrap, kwa-aes256-wrap
  FROM CMSAesRsaesOaep-2009
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-cms-aes-02(38) }

-- From [CMS-ASN]

cea-aes128-CCM, cea-aes192-CCM, cea-aes256-CCM, cea-aes128-GCM,
cea-aes192-GCM, cea-aes256-GCM
  FROM CMS-AES-CCM-and-AES-GCM-2009
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) }

;

-- Constrains the SignedData digestAlgorithms field
-- Constrains the SignedData SignerInfo digestAlgorithm field
-- Constrains the AuthenticatedData digestAlgorithm field

-- Message Digest Algorithms: Imported from [PKI-ASN]

-- MessageDigestAlgs DIGEST-ALGORITHM ::= {
--  mda-sha1   |
--  mda-sha224 |
--  mda-sha256 |
--  mda-sha384 |
--  mda-sha512,
--  ...
-- }

-- Constrains the SignedData SignerInfo signatureAlgorithm field

-- Signature Algorithms: Imported from [PKI-ASN]

-- SignatureAlgs SIGNATURE-ALGORITHM ::= {
--  sa-ecdsaWithSHA1   |
--  sa-ecdsaWithSHA224 |
--  sa-ecdsaWithSHA256 |
--  sa-ecdsaWithSHA384 |
--  sa-ecdsaWithSHA512,
--  ...
-- }

-- ECDSA Signature Value: Imported from [PKI-ALG]
-- Contents of SignatureValue OCTET STRING

-- ECDSA-Sig-Value ::= SEQUENCE {
--   r  INTEGER,
--   s  INTEGER
-- }

--
-- Key Agreement Algorithms
--

-- Constrains the EnvelopedData RecipientInfo KeyAgreeRecipientInfo
--   keyEncryption Algorithm field
-- Constrains the AuthenticatedData RecipientInfo
--   KeyAgreeRecipientInfo keyEncryption Algorithm field
-- Constrains the AuthEnvelopedData RecipientInfo
--   KeyAgreeRecipientInfo keyEncryption Algorithm field

-- DH variants are not used with AuthenticatedData or
-- AuthEnvelopedData

KeyAgreementAlgs KEY-AGREE ::= {
  kaa-dhSinglePass-stdDH-sha1kdf-scheme        |
  kaa-dhSinglePass-stdDH-sha224kdf-scheme      |
  kaa-dhSinglePass-stdDH-sha256kdf-scheme      |
  kaa-dhSinglePass-stdDH-sha384kdf-scheme      |
  kaa-dhSinglePass-stdDH-sha512kdf-scheme      |
  kaa-dhSinglePass-cofactorDH-sha1kdf-scheme   |
  kaa-dhSinglePass-cofactorDH-sha224kdf-scheme |
  kaa-dhSinglePass-cofactorDH-sha256kdf-scheme |
  kaa-dhSinglePass-cofactorDH-sha384kdf-scheme |
  kaa-dhSinglePass-cofactorDH-sha512kdf-scheme |
  kaa-mqvSinglePass-sha1kdf-scheme             |
  kaa-mqvSinglePass-sha224kdf-scheme           |
  kaa-mqvSinglePass-sha256kdf-scheme           |
  kaa-mqvSinglePass-sha384kdf-scheme           |
  kaa-mqvSinglePass-sha512kdf-scheme,
  ...
}

x9-63-scheme OBJECT IDENTIFIER ::= {
  iso(1) identified-organization(3) tc68(133) country(16) x9(840)
  x9-63(63) schemes(0) }

secg-scheme OBJECT IDENTIFIER ::= {
  iso(1) identified-organization(3) certicom(132) schemes(1) }

--
-- Diffie-Hellman Single Pass, Standard, with KDFs
--

-- Parameters are always present and indicate the Key Wrap Algorithm

kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme
}

dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
  x9-63-scheme 2 }

kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme
}

dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 11 0 }

kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme
}

dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 11 1 }

kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme
}

dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 11 2 }

kaa-dhSinglePass-stdDH-sha512kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme
}

dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 11 3 }

--
-- Diffie-Hellman Single Pass, Cofactor, with KDFs
--

kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme
}

dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
  x9-63-scheme 3 }

kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme
}

dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 14 0 }

kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme
}

dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 14 1 }

kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme
}

dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 14 2 }

kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme
}

dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 14 3 }

--
-- MQV Single Pass, Cofactor, with KDFs
--

kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha1kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha1kdf-scheme
}

mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= {
  x9-63-scheme 16 }

kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha224kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha224kdf-scheme
}

mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 15 0 }

kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha256kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha256kdf-scheme
}

mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 15 1 }

kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha384kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha384kdf-scheme
}

mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 15 2 }

kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha512kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha512kdf-scheme
}

mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 15 3 }

--
-- Key Wrap Algorithms: Imported from [CMS-ASN]
--

KeyWrapAlgorithm ::= AlgorithmIdentifier { KEY-WRAP, { KeyWrapAlgs } }

KeyWrapAlgs KEY-WRAP ::= {
  kwa-3DESWrap    |
  kwa-aes128-wrap |
  kwa-aes192-wrap |
  kwa-aes256-wrap,
  ...
}

--
-- Content Encryption Algorithms: Imported from [CMS-ASN]
--

-- Constrains the EnvelopedData EncryptedContentInfo encryptedContent
-- field and the AuthEnvelopedData EncryptedContentInfo
-- contentEncryptionAlgorithm field

-- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= {
--   cea-3DES-cbc |
--   cea-aes128-cbc   |
--   cea-aes192-cbc   |
--   cea-aes256-cbc   |
--   cea-aes128-ccm   |
--   cea-aes192-ccm   |
--   cea-aes256-ccm   |
--   cea-aes128-gcm   |
--   cea-aes192-gcm   |
--   cea-aes256-gcm,
--   ...
--   }

-- des-ede3-cbc and aes*-cbc are used with EnvelopedData and
-- EncryptedData
-- aes*-ccm are used with AuthEnvelopedData
-- aes*-gcm are used with AuthEnvelopedData
-- (where * is 128, 192, and 256)

--
-- Message Authentication Code Algorithms
--

-- Constrains the AuthenticatedData
-- MessageAuthenticationCodeAlgorithm field
--

MessageAuthAlgs MAC-ALGORITHM ::= {
--  maca-hMAC-SHA1 |
  maca-hMAC-SHA224 |
  maca-hMAC-SHA256 |
  maca-hMAC-SHA384 |
  maca-hMAC-SHA512,
  ...
}

maca-hMAC-SHA224 MAC-ALGORITHM ::= {
  IDENTIFIER id-hmacWithSHA224
  PARAMS ARE absent
  IS-KEYED-MAC TRUE
  SMIME-CAPS cap-hMAC-SHA224
}

id-hmacWithSHA224 OBJECT IDENTIFIER ::= {
  iso(1) member-body(2) us(840) rsadsi(113549)
  digestAlgorithm(2) 8 }

maca-hMAC-SHA256 MAC-ALGORITHM ::= {
  IDENTIFIER id-hmacWithSHA256
  PARAMS ARE absent
  IS-KEYED-MAC TRUE
  SMIME-CAPS cap-hMAC-SHA256
}

id-hmacWithSHA256 OBJECT IDENTIFIER ::= {
  iso(1) member-body(2) us(840) rsadsi(113549)
  digestAlgorithm(2) 9 }

maca-hMAC-SHA384 MAC-ALGORITHM ::= {
  IDENTIFIER id-hmacWithSHA384
  PARAMS ARE absent
  IS-KEYED-MAC TRUE
  SMIME-CAPS cap-hMAC-SHA384
}

id-hmacWithSHA384 OBJECT IDENTIFIER ::= {
  iso(1) member-body(2) us(840) rsadsi(113549)
  digestAlgorithm(2) 10 }

maca-hMAC-SHA512 MAC-ALGORITHM ::= {
  IDENTIFIER id-hmacWithSHA512
  PARAMS ARE absent
  IS-KEYED-MAC TRUE
  SMIME-CAPS cap-hMAC-SHA512
}

id-hmacWithSHA512 OBJECT IDENTIFIER ::= {
  iso(1) member-body(2) us(840) rsadsi(113549)
  digestAlgorithm(2) 11 }

--
-- Originator Public Key Algorithms
--

-- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey
-- OriginatorPublicKey algorithm field

OriginatorPKAlgorithms PUBLIC-KEY ::= {
  opka-ec,
  ...
}

opka-ec PUBLIC-KEY ::= {
  IDENTIFIER id-ecPublicKey
  KEY ECPoint
  PARAMS TYPE CHOICE { n NULL, p ECParameters } ARE preferredAbsent
}

-- Format for both ephemeral and static public keys: Imported from
-- [PKI-ALG]

-- ECPoint ::= OCTET STRING

-- ECParameters ::= CHOICE {
--   namedCurve      CURVE.&id({NamedCurve})
--   commented out in [PKI-ALG] implicitCurve   NULL
--   commented out in [PKI-ALG] specifiedCurve  SpecifiedECDomain
--   commented out in [PKI-ALG] ...
-- }
  -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
  -- Details for SpecifiedECDomain can be found in [X9.62].
  -- Any future additions to this CHOICE should be coordinated
  -- with ANSI X9.

-- Format of KeyAgreeRecipientInfo ukm field when used with
-- ECMQV

MQVuserKeyingMaterial ::= SEQUENCE {
  ephemeralPublicKey       OriginatorPublicKey,
  addedukm             [0] EXPLICIT UserKeyingMaterial OPTIONAL
}

-- 'SharedInfo' for input to KDF when using ECDH and ECMQV with
-- EnvelopedData, AuthenticatedData, or AuthEnvelopedData

ECC-CMS-SharedInfo ::= SEQUENCE {
  keyInfo         KeyWrapAlgorithm,
  entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
  suppPubInfo [2] EXPLICIT OCTET STRING
}

--
-- S/MIME CAPS for algorithms in this document
--

SMimeCAPS SMIME-CAPS ::= {
--  mda-sha1.&smimeCaps                                   |
--  mda-sha224.&smimeCaps                                 |
--  mda-sha256.&smimeCaps                                 |
--  mda-sha384.&smimeCaps                                 |
--  mda-sha512.&smimeCaps                                 |
--  sa-ecdsaWithSHA1.&smimeCaps                           |
--  sa-ecdsaWithSHA224.&smimeCaps                         |
--  sa-ecdsaWithSHA256.&smimeCaps                         |
--  sa-ecdsaWithSHA384.&smimeCaps                         |
--  sa-ecdsaWithSHA512.&smimeCaps                         |
  kaa-dhSinglePass-stdDH-sha1kdf-scheme.&smimeCaps        |
  kaa-dhSinglePass-stdDH-sha224kdf-scheme.&smimeCaps      |
  kaa-dhSinglePass-stdDH-sha256kdf-scheme.&smimeCaps      |
  kaa-dhSinglePass-stdDH-sha384kdf-scheme.&smimeCaps      |
  kaa-dhSinglePass-stdDH-sha512kdf-scheme.&smimeCaps      |
  kaa-dhSinglePass-cofactorDH-sha1kdf-scheme.&smimeCaps   |
  kaa-dhSinglePass-cofactorDH-sha224kdf-scheme.&smimeCaps |
  kaa-dhSinglePass-cofactorDH-sha256kdf-scheme.&smimeCaps |
  kaa-dhSinglePass-cofactorDH-sha384kdf-scheme.&smimeCaps |
  kaa-dhSinglePass-cofactorDH-sha512kdf-scheme.&smimeCaps |
  kaa-mqvSinglePass-sha1kdf-scheme.&smimeCaps             |
  kaa-mqvSinglePass-sha224kdf-scheme.&smimeCaps           |
  kaa-mqvSinglePass-sha256kdf-scheme.&smimeCaps           |
  kaa-mqvSinglePass-sha384kdf-scheme.&smimeCaps           |
  kaa-mqvSinglePass-sha512kdf-scheme.&smimeCaps           |
--  kwa-3des.&smimeCaps                                   |
--  kwa-aes128.&smimeCaps                                 |
--  kwa-aes192.&smimeCaps                                 |
--  kwa-aes256.&smimeCaps                                 |
--  cea-3DES-cbc.&smimeCaps                               |
--  cea-aes128-cbc.&smimeCaps                             |
--  cea-aes192-cbc.&smimeCaps                             |
--  cea-aes256-cbc.&smimeCaps                             |
--  cea-aes128-ccm.&smimeCaps                             |
--  cea-aes192-ccm.&smimeCaps                             |
--  cea-aes256-ccm.&smimeCaps                             |
--  cea-aes128-gcm.&smimeCaps                             |
--  cea-aes192-gcm.&smimeCaps                             |
--  cea-aes256-gcm.&smimeCaps                             |
--  maca-hMAC-SHA1.&smimeCaps                             |
  maca-hMAC-SHA224.&smimeCaps                             |
  maca-hMAC-SHA256.&smimeCaps                             |
  maca-hMAC-SHA384.&smimeCaps                             |
  maca-hMAC-SHA512.&smimeCaps,
  ...
}

cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme
}

cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme
}

cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme
}

cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme
}

cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha1kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha224kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha256kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha384kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha512kdf-scheme
}

cap-kaa-mqvSinglePass-sha1kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha1kdf-scheme
}

cap-kaa-mqvSinglePass-sha224kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha224kdf-scheme
}

cap-kaa-mqvSinglePass-sha256kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha256kdf-scheme
}

cap-kaa-mqvSinglePass-sha384kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha384kdf-scheme
}

cap-kaa-mqvSinglePass-sha512kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha512kdf-scheme
}

cap-hMAC-SHA224 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA224 }

cap-hMAC-SHA256 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA256 }

cap-hMAC-SHA384 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA384 }

cap-hMAC-SHA512 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA512 }

END
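
The ECC-CMS-SharedInfo structure defined in the module above is DER-encoded and fed to the ANSI/SEC1 key derivation function to produce the key-encryption key. The following is an added example, not part of the RFC text: it builds that encoding for id-aes256-wrap and runs the KDF over it. The function names and the shared secret Z are constructed for illustration; the 32-bit big-endian KEK length in suppPubInfo follows Section 7.2 of this RFC.

```python
import hashlib
import struct

ID_AES256_WRAP = "2.16.840.1.101.3.4.1.45"  # id-aes256-wrap

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value

def der_oid(dotted):
    """Encode an OBJECT IDENTIFIER (first two arcs must fit in one octet)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # base-128, high bit set on all but the last octet
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def ecc_cms_shared_info(wrap_oid, kek_bits, ukm=None):
    """DER-encode ECC-CMS-SharedInfo; AES key wraps carry no parameters."""
    body = tlv(0x30, der_oid(wrap_oid))                        # keyInfo
    if ukm is not None:
        body += tlv(0xA0, tlv(0x04, ukm))                      # entityUInfo [0]
    body += tlv(0xA2, tlv(0x04, struct.pack(">I", kek_bits)))  # suppPubInfo [2]
    return tlv(0x30, body)

def x963_kdf(z, shared_info, out_len, hash_name="sha256"):
    """ANSI X9.63 / SEC1 KDF: Hash(Z || counter || SharedInfo), counter from 1."""
    out, counter = b"", 1
    while len(out) < out_len:
        block = z + struct.pack(">I", counter) + shared_info
        out += hashlib.new(hash_name, block).digest()
        counter += 1
    return out[:out_len]

if __name__ == "__main__":
    z = bytes(range(32))  # constructed stand-in for the ECDH shared secret
    info = ecc_cms_shared_info(ID_AES256_WRAP, 256)
    print("SharedInfo:", info.hex())
    print("KEK:       ", x963_kdf(z, info, 32).hex())
```

Because keyInfo and suppPubInfo are hashed into the KEK, the same shared secret yields unrelated keys for different wrap algorithms or key lengths, and a per-message ukm in entityUInfo changes the KEK even when the key pairs are reused.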

Appendix B.  Changes since RFC 3278

   The following summarizes the changes:

   - Abstract: The basis of the document was changed to refer to NIST
     FIPS 186-3 and SP800-56A.  However, to maintain backwards
     compatibility the Key Derivation Function from ANSI/SEC1 is
     retained.

   - Section 1: A bullet was added to address AuthEnvelopedData.

   - Section 2.1: A sentence was added to indicate FIPS180-3 is used
     with ECDSA.  Replaced reference to ANSI X9.62 with FIPS186-3.

   - Section 2.1.1: The permitted digest algorithms were expanded from
     SHA-1 to SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512.

   - Sections 2.1.2 and 2.1.3: The bullet addressing integer "e" was
     deleted.

   - Section 3: Added explanation of why static-static ECDH is not
     included.

   - Section 3.1: The reference for DH was changed from RFC 3852 to RFC
     3370.  Provided text to indicate fields of EnvelopedData are as in
     CMS.

   - Section 3.1.1: The text was updated to include description of all
     KeyAgreeRecipientInfo fields.  Parameters for id-ecPublicKey field
     changed from NULL to absent or ECParameters.  Additional
     information about ukm was added.

   - Section 3.2: The sentence describing the advantages of 1-Pass ECMQV
     was rewritten.

   - Section 3.2.1: The text was updated to include description of all
     fields.  Parameters for id-ecPublicKey field changed from NULL to
     absent or ECParameters.

   - Sections 3.2.2 and 4.1.2: The re-use of ephemeral keys paragraph
     was reworded.

   - Section 4.1: The sentences describing the advantages of 1-Pass
     ECMQV were moved to Section 4.

   - Section 4.1.2: The note about the attack was moved to Section 4.

   - Section 4.2: This section was added to address AuthEnvelopedData
     with ECMQV.

   - Section 5: This section was moved to Section 8.  The 1st paragraph
     was modified to recommend both SignedData and EnvelopedData.  The
     requirements were updated for hash algorithms and recommendations
     for matching curves and hash algorithms.  Also, the requirements
     were expanded to indicate which ECDH and ECMQV variants, key wrap
     algorithms, and content encryption algorithms are required for each
     of the content types used in this document.  The permitted digest
     algorithms used in KDFs were expanded from SHA-1 to SHA-1, SHA-224,
     SHA-256, SHA-384, and SHA-512.

   - Section 6 (formerly 7): This section was updated to allow for
     SMIMECapabilities to be present in certificates.  The S/MIME
     capabilities for ECDSA with SHA-224, SHA-256, SHA-384, and SHA-512
     were added to the list of S/MIME Capabilities.  Also, updated to
     include S/MIME capabilities for ECDH and ECMQV using the SHA-224,
     SHA-256, SHA-384, and SHA-512 algorithms as the KDF.

   - Section 7.1 (formerly 8.1): Added sub-sections for digest,
     signature, originator public key, key agreement, content
     encryption, key wrap, and message authentication code algorithms.
     Pointed to algorithms and parameters in appropriate documents for:
     SHA-224, SHA-256, SHA-384, and SHA-512 as well as SHA-224, SHA-256,
     SHA-384, and SHA-512 with ECDSA.  Also, added algorithm identifiers
     for ECDH std, ECDH cofactor, and ECMQV with SHA-224, SHA-256,
     SHA-384, and SHA-512 algorithms as the KDF.  Changed id-ecPublicKey
     parameters to be absent, NULL, or ECParameters, and if present the
     originator's ECParameters must match the recipient's ECParameters.

   - Section 7.2 (formerly 8.2): Updated to include AuthEnvelopedData.
     Also, added text to address support requirement for compressed,
     uncompressed, and hybrid keys; changed pointers from ANSI X9.61 to
     PKIX (where ECDSA-Sig-Value is imported); changed pointers from
     SECG to NIST specs; and updated example of suppPubInfo to be
     AES-256.  keyInfo's parameters changed from NULL to any associated
     parameters (AES wraps have absent parameters).

   - Section 9: Replaced text, which was a summary paragraph, with an
     updated security considerations section.  Paragraph referring to
     definitions of SHA-224, SHA-256, SHA-384, and SHA-512 is deleted.

   - Updated references.

   - Added ASN.1 modules.

   - Updated acknowledgements section.

Acknowledgements

   The methods described in this document are based on work done by the
   ANSI X9F1 working group.  The authors wish to extend their thanks to
   ANSI X9F1 for their assistance.  The authors also wish to thank Peter
   de Rooij for his patient assistance.  The technical comments of
   Francois Rousseau were valuable contributions.

   Many thanks go out to the other authors of RFC 3278: Simon Blake-
   Wilson and Paul Lambert.  Without RFC 3278, this version wouldn't
   exist.

   The authors also wish to thank Alfred Hoenes, Jonathan Herzog, Paul
   Hoffman, Russ Housley, and Jim Schaad for their valuable input.

Authors' Addresses

   Sean Turner
   IECA, Inc.
   3057 Nutley Street, Suite 106
   Fairfax, VA 22031
   USA

   EMail: turners@ieca.com


   Daniel R. L. Brown
   Certicom Corp
   5520 Explorer Drive #400
   Mississauga, ON L4W 5L1
   Canada

   EMail: dbrown@certicom.com