… different from the approach used by both "Cryptographic Message Syntax (CMS)" [RFC5652] and "JSON Web Encryption (JWE)" [RFC7516] where different structures are used for the content layer and for the recipient layer. Two structures are defined: COSE_Encrypt to hold the encrypted…
…). Every RPKI signed object includes, in the Cryptographic Message Syntax (CMS) [RFC5652] wrapper of the object, the EE certificate used to verify it [RFC6488]. Thus, there is no requirement to separately publish that EE certificate at the CA's repository publication point. Where mu…
…ransparent IXP Route Servers do not need to be listed as PAS in ASPAs. This CMS [RFC5652] protected content type definition conforms to the [RFC6488] template for RPKI signed objects. In accordance with Section 4 of [RFC6488], this document defines: The object identifier (OID) that id…
…3161] use Cryptographic Message Syntax (CMS) as the signature envelope format. [RFC5652] provides details about signature verification, and [RFC3161] provides details specific to timestamp token validation. The payload of the signed timestamp token is the TSTInfo structure define…
…lly signed objects [RFC6488], which defines a Cryptographic Message Syntax (CMS) [RFC5652] wrapper for the content, as well as a generic validation procedure for RPKI signed objects. Therefore, to complete the specification of the TAK object (see Section 4 of [RFC6488]), this docum…
… the Secure SHell (SSH) Protocol [RFC4251], Cryptographic Message Syntax (CMS) [RFC5652] and derivatives, X.509 public key infrastructures [RFC5280], and many others. The construction described in this document is known as a "derandomization". This has been proposed for various s…
…(CBC) mode [NIST.800-38A] with PKCS #7 padding operations per Section 6.3 of [RFC5652] and HMAC ([RFC2104] and [SHS]) operations. This algorithm family is called AES_CBC_HMAC_SHA2. It also defines three instances of this family: the first using 128-bit CBC keys and HMAC SHA…
…different from the approach used by both "Cryptographic Message Syntax (CMS)" [RFC5652] and "JSON Web Encryption (JWE)" [RFC7516] where different structures are used for the content layer and for the recipient layer. Two structures are defined: COSE_Encrypt to hold the encryp…
…ity (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008. [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, DOI 10.17487/RFC5652, September 2009. [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, DOI 10.17487/RFC5958,…
The security considerations related to the CMS enveloped-data content type in [RFC5652] and the security considerations related to the CMS authenticated-enveloped-data content type in [RFC5083] continue to apply. Implementations of the key derivation function must compute t…
… content-type is the signed-data type of id-data, namely the id-signedData OID [RFC5652], 1.2.840.113549.1.7.2. It should say: The content-type is the id-signedData OID [RFC5652], 1.2.840.113549.1.7.2. Notes: id-data (OID 1.2.840.113549.1.7.1) and id-signedData are siblings in th…