S/MIME Working Group Serguei Leontiev, CRYPTO-PRO
Internet Draft Gregory Chudov, CRYPTO-PRO
Expires January 18, 2006 July 18, 2005
Intended Category: Informational
Using the GOST 28147-89, GOST R 34.11-94,
GOST R 34.10-94 and GOST R 34.10-2001 algorithms with the
Cryptographic Message Syntax (CMS)
<draft-ietf-smime-gost-04.txt>
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than a "work in progress."
The list of current Internet Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document describes the conventions for using cryptographic
algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R
34.11-94, along with Cryptographic Message Syntax (CMS). The CMS is
used for digital signature, digest, authentication and encryption
arbitrary message contents.
Leontiev, Chudov Informational [Page 1]
Internet-Draft Using GOST with CMS July 2005
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . 2
1.2 Terminology. . . . . . . . . . . . . . . . . . . . . . . 3
2 Message Digest Algorithms. . . . . . . . . . . . . . . . 3
2.1 Message Digest Algorithm GOST R 34.11-94 . . . . . . . . 3
3 Signature Algorithms . . . . . . . . . . . . . . . . . . 4
3.1 Signature Algorithm GOST R 34.10-94. . . . . . . . . . . 4
3.2 Signature Algorithm GOST R 34.10-2001. . . . . . . . . . 4
4 Key Management Algorithms. . . . . . . . . . . . . . . . 5
4.1 Key Agreement Algorithms . . . . . . . . . . . . . . . . 5
4.1.1 Key Agreement Algorithm Based on GOST R 34.10-94/2001
Public Keys . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4.2 Key Transport Algorithms. .. . . . . . . . . . . . . . . 7
4.2.1 Key Transport Algorithm Based on GOST R 34.10-94/2001
Public Keys . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5 Content Encryption Algorithms. . . . . . . . . . . . . . 8
5.1 Key-Encryption Key Algorithm GOST 28147-89 . . . . . . . 8
6 MAC Algorithms . . . . . . . . . . . . . . . . . . . . . 9
6.1 HMAC with GOST R 34.11-94. . . . . . . . . . . . . . . . 9
7 Using with S/MIME. . . . . . . . . . . . . . . . . . . . 9
7.1 Parameter micalg . . . . . . . . . . . . . . . . . . . . 9
7.2 Atribute SMIMECapabilities . . . . . . . . . . . . . . . 9
8 Security Considerations. . . . . . . . . . . . . . . . . 10
9 Appendix Examples. . . . . . . . . . . . . . . . . . . . 11
9.1 Signed message . . . . . . . . . . . . . . . . . . . . . 11
9.2 Enveloped message using Key Agreement. . . . . . . . . . 12
9.3 Enveloped message using Key Transport. . . . . . . . . . 14
10 Appendix ASN.1 Modules . . . . . . . . . . . . . . . . . 17
10.1 GostR3410-EncryptionSyntax . . . . . . . . . . . . . . . 17
10.2 GostR3410-94-SignatureSyntax . . . . . . . . . . . . . . 19
10.3 GostR3410-2001-SignatureSyntax . . . . . . . . . . . . . 20
11 References . . . . . . . . . . . . . . . . . . . . . . . 21
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 23
Author's Address. . . . . . . . . . . . . . . . . . . . . . . . 23
Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 25
1 Introduction
The Cryptographic Message Syntax [CMS] is used for digital signature,
digest, authentication and encryption of arbitrary message contents.
This companion specification describes the use of cryptographic
algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and GOST
R 34.11-94 in CMS, as proposed by the CRYPTO-PRO Company for "Russian
Cryptographic Software Compatibility Agreement" community. This
document does not describe these cryptographic algorithms; they are
defined in corresponding national standards.
The CMS values are generated using ASN.1 [X.208-88], using BER-
Leontiev, Chudov Informational [Page 2]
Internet-Draft Using GOST with CMS July 2005
encoding [X.209-88]. This document specifies the algorithm
identifiers for each algorithm, including ASN.1 for object
identifiers and any associated parameters.
The fields in the CMS employed by each algorithm are identified.
1.2 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2 Message Digest Algorithms
This section specifies the conventions for using the digest algorithm
GOST R 34.11-94 employed by CMS.
Digest values are located in the DigestedData digest field and the
Message Digest authenticated attribute. In addition, digest values
are input to signature algorithms.
2.1 Message Digest Algorithm GOST R 34.11-94
Hash function GOST R 34.11-94 has been developed by "GUBS of Federal
Agency Government Communication and Information" and "All-Russian
Scientific and Research Institute of Standardization". The algorithm
GOST R 34.11-94 produces a 256-bit hash value of the arbitrary finite
bit length input. This document does not contain the full GOST R
34.11-94 specification, which can be found in [GOSTR3411] in Russian.
[Schneier95] ch. 18.11, p. 454. contains a brief technical
description in English.
id-CryptoPro OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }
id-CryptoPro-algorithms OBJECT IDENTIFIER ::=
id-CryptoPro
The hash algorithm GOST R 34.11-94 has the following identifier:
id-GostR3411-94 OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms gostr3411(9) }
The AlgorithmIdentifier parameters field MUST be present, and the
parameters field MUST contain NULL. Implementations MAY accept the
GOST R 34.11-94 AlgorithmIdentifiers with absent parameters as well
as NULL parameters.
Leontiev, Chudov Informational [Page 3]
Internet-Draft Using GOST with CMS July 2005
This function is always used with default parameters
gostR3411CryptoProParamSetAI (see section 8.2 of [CPALGS]).
When Message Digest authenticated attribute is present, DigestedData
digest contains a 32-byte digest in little-endian representation:
GostR3411-94-Digest ::= OCTET STRING (SIZE (32))
3 Signature Algorithms
This section specifies the CMS procedures for GOST R 34.10-94 and
GOST R 34.10-2001 signature algorithms.
Signature algorithm identifiers are located in the SignerInfo
signatureAlgorithm field of SignedData. Also, signature algorithm
identifiers are located in the SignerInfo signatureAlgorithm field of
countersignature attributes.
Signature values are located in the SignerInfo signature field of
SignedData. Also, signature values are located in the SignerInfo
signature field of countersignature attributes.
3.1 Signature Algorithm GOST R 34.10-94
GOST R 34.10-94 has been developed by "GUBS of Federal Agency
Government Communication and Information" and "All-Russian Scientific
and Research Institute of Standardization". This signature algorithm
MUST be used conjointly with GOST R 34.11-94 message digest
algorithm. This document does not contain the full GOST R 34.10-94
specification, which is fully described in [GOSTR341094] in Russian,
and a brief description in English can be found in [Schneier95] ch.
20.3, p. 495.
The GOST R 34.10-94 signature algorithm has the following public key
algorithm identifier [CPPK]:
id-GostR3410-94-signature OBJECT IDENTIFIER ::= id-GostR3410-94
Signature algorithm GOST R 34.10-94 generates a digital signature in
the form of a binary 512-bit vector (<r'>256||<s>256).
signatureValue contains its little endian representation.
GostR3410-94-Signature ::= OCTET STRING (SIZE (64))
3.2 Signature Algorithm GOST R 34.10-2001
GOST R 34.10-2001 has been developed by "GUBS of Federal Agency
Government Communication and Information" and "All-Russian Scientific
Leontiev, Chudov Informational [Page 4]
Internet-Draft Using GOST with CMS July 2005
and Research Institute of Standardization". This signature algorithm
MUST be used conjointly with GOST R 34.11-94. This document does not
contain the full GOST R 34.10-2001 specification, which is fully
described in [GOSTR341001].
The signature algorithm GOST R 34.10-2001 has the following public
key algorithm identifier from [CPPK]:
id-GostR3410-2001-signature OBJECT IDENTIFIER ::= id-GostR3410-2001
Signature algorithm GOST R 34.10-2001 generates a digital signature
in the form of a binary 512-bit vector (<r'>256||<s>256).
signatureValue contains its little endian representation.
GostR3410-2001-Signature ::= OCTET STRING (SIZE (64))
4 Key Management Algorithms
This chapter describes the key agreement and key transport
algorithms, based on VKO GOST R 34.10-94 and VKO GOST R 34.10-2001
key derivation algorithms, and the CryptoPro and GOST 28147-89 key
wrap algorithms, described in [CPALGS]. They MUST be used only with
content encryption algorithm GOST 28147-89, defined in section 5 of
this document.
4.1 Key Agreement Algorithms
This section specifies the conventions employed by CMS
implementations that support key agreement using both VKO GOST R
34.10-94 and VKO GOST R 34.10-2001 algorithms, described in [CPALGS].
Key agreement algorithm identifiers are located in the EnvelopedData
RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm and
AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
keyEncryptionAlgorithm fields.
Wrapped content-encryption keys are located in the EnvelopedData
RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
encryptedKey field. Wrapped message-authentication keys are located
in the AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
RecipientEncryptedKeys encryptedKey field.
4.1.1 Key Agreement Algorithm Based on GOST R 34.10-94/2001 Public Keys
The EnvelopedData RecipientInfos KeyAgreeRecipientInfo field is used
as follows:
version MUST be 3.
Leontiev, Chudov Informational [Page 5]
Internet-Draft Using GOST with CMS July 2005
originator MUST be the originatorKey alternative. The
originatorKey algorithm field MUST contain the object identifier
id-GostR3410-94 or id-GostR3410-2001 and corresponding parameters
(defined in sections 2.3.1, 2.3.2 of [CPPK]).
The originatorKey publicKey field MUST contain the sender's public
key.
keyEncryptionAlgorithm algorithm field MUST be identical to the
recipient public key algorithm identifier.
keyEncryptionAlgorithm parameters MUST encapsulate
GostR3410-TransportParameters, containing encryptionParamSet (GOST
28147-89 algorithm parameters used for key encryption), and UKM.
GostR3410-TransportParameters ephemeralPublicKey MUST NOT be
present.
GostR3410-TransportParameters ::= SEQUENCE {
encryptionParamSet OBJECT IDENTIFIER,
ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
ukm OCTET STRING
}
KeyAgreeRecipientInfo ukm MUST be absent,
GostR3410-TransportParameters ukm is used instead and is not
optional.
encryptedKey MUST encapsulate Gost28147-89-EncryptedKey, where
maskKey MUST be absent.
Gost28147-89-EncryptedKey ::= SEQUENCE {
encryptedKey Gost28147-89-Key,
maskKey [0] IMPLICIT Gost28147-89-Key
OPTIONAL,
macKey Gost28147-89-MAC
}
Using the secret key, corresponding to the originatorKey publicKey,
and the recipient's public key, the algorithm VKO GOST R 34.10-94 or
VKO GOST R 34.10-2001 (described in [CPALGS]) is applied to produce
the KEK.
Then the key wrap algorithm, specified by encryptionParamSet, is
applied to produce CEK_ENC, CEK_MAC, and IV.
GostR3410-TransportParameters encryptionParamSet is used for all
encryption operations.
The resulting encrypted key (CEK_ENC) is placed in
Leontiev, Chudov Informational [Page 6]
Internet-Draft Using GOST with CMS July 2005
Gost28147-89-EncryptedKey encryptedKey field, its mac (CEK_MAC) is
placed in Gost28147-89-EncryptedKey macKey field, and synchrovector
(IV) is placed in GostR3410-TransportParameters ukm field.
4.2 Key Transport Algorithms
This section specifies the conventions employed by CMS
implementations that support key transport using both VKO GOST R
34.10-94 and VKO GOST R 34.10-2001 algorithms, described in [CPALGS].
Key transport algorithm identifiers are located in the EnvelopedData
RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.
Key transport encrypted content-encryption keys are located in the
EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
field.
4.2.1 Key Transport Algorithm Based on GOST R 34.10-94/2001 Public Keys
The EnvelopedData RecipientInfos KeyTransRecipientInfo field is used
as follows:
version MUST be 0 or 3.
keyEncryptionAlgorithm and parameters MUST be identical to the
recipient public key algorithm and parameters.
encryptedKey encapsulates GostR3410-KeyTransport, which consists
of encrypted content-encryption key, it's MAC, GOST 28147-89
algorithm parameters used for key encryption, sender's ephemeral
public key, and UKM (UserKeyingMaterial, see [CMS], 10.2.6).
transportParameters MUST be present.
ephemeralPublicKey MUST be present, and its parameters, if
present, MUST be equal to the recipient public key parameters;
GostR3410-KeyTransport ::= SEQUENCE {
sessionEncryptedKey Gost28147-89-EncryptedKey,
transportParameters
[0] IMPLICIT GostR3410-TransportParameters OPTIONAL
}
GostR3410-TransportParameters ::= SEQUENCE {
encryptionParamSet OBJECT IDENTIFIER,
ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
ukm OCTET STRING
}
Leontiev, Chudov Informational [Page 7]
Internet-Draft Using GOST with CMS July 2005
Using the secret key, corresponding to the
GostR3410-TransportParameters ephemeralPublicKey, and the recipient's
public key, the algorithm VKO GOST R 34.10-94 or VKO GOST R
34.10-2001 (described in [CPALGS]) is applied to produce the KEK.
Then key wrap algorithm, specified by encryptionParamSet, is applied
to produce CEK_ENC, CEK_MAC, and IV. GostR3410-TransportParameters
encryptionParamSet is used for all encryption operations.
The resulting encrypted key (CEK_ENC) is placed in
Gost28147-89-EncryptedKey encryptedKey field, its mac (CEK_MAC) is
placed in Gost28147-89-EncryptedKey macKey field, and synchrovector
(IV) is placed in GostR3410-TransportParameters ukm field.
5 Content Encryption Algorithms
This section specifies the conventions employed by CMS
implementations that support content encryption using GOST 28147-89.
Content encryption algorithm identifiers are located in the
EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm and the
EncryptedData EncryptedContentInfo contentEncryptionAlgorithm fields.
Content encryption algorithms are used to encipher the content
located in the EnvelopedData EncryptedContentInfo encryptedContent
field and the EncryptedData EncryptedContentInfo encryptedContent
field.
5.1 Content Encryption Algorithm GOST 28147-89
This section specifies the use of GOST 28147-89 algorithm for data
encipherment.
GOST 28147-89 is fully described in [GOST28147] (in Russian).
This document specifies the following OID for this algorithm:
id-Gost28147-89 OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms gost28147-89(21) }
Algorithm parameters MUST be present and have the following
structure:
Gost28147-89-Parameters ::=
SEQUENCE {
iv Gost28147-89-IV,
encryptionParamSet OBJECT IDENTIFIER
}
Leontiev, Chudov Informational [Page 8]
Internet-Draft Using GOST with CMS July 2005
Gost28147-89-IV ::= OCTET STRING (SIZE (8))
encryptionParamSet specifies the set of corresponding
Gost28147-89-ParamSetParameters (see section 8.1 of [CPALGS])
6 MAC Algorithms
This section specifies the conventions employed by CMS
implementations that support the message authentication code (MAC)
based on GOST R 34.11-94.
MAC algorithm identifiers are located in the AuthenticatedData
macAlgorithm field.
MAC values are located in the AuthenticatedData mac field.
6.1 HMAC with GOST R 34.11-94
HMAC_GOSTR3411 (K,text) function is based on hash function GOST R
34.11-94, as defined in section 3 of [CPALGS].
This document specifies the following OID for this algorithm:
id-HMACGostR3411-94 OBJECT IDENTIFIER ::=
{ id-CryptoPro-algorithms hmacgostr3411(10) }
This algorithm has the same parameters, as GOST R 34.11-94 digest
algorithm, and uses the same OIDs for their identification (see
[CPPK]).
7 Using with S/MIME
This section defines use of the algorithms defined in this document
together with S/MIME [RFC 3851].
7.1 Parameter micalg
When using the algorithms defined in this document, micalg parameter
SHOULD be set to "gostr3411-94" or it MAY be set to "unknown".
7.2 Attribute SMIMECapabilities
The SMIMECapability value which indicates support for the GOST R
34.11-94 digest algorithm is the SEQUENCE with the capabilityID field
containing the object identifier id-GostR3411-94 and no parameters.
The DER encoding is:
30 08 06 06 2A 85 03 02 02 09
Leontiev, Chudov Informational [Page 9]
Internet-Draft Using GOST with CMS July 2005
The SMIMECapability value which indicates support for the GOST
28147-89 encryption algorithm is the SEQUENCE with the capabilityID
field containing the object identifier id-Gost28147-89 and no
parameters. The DER encoding is:
30 08 06 06 2A 85 03 02 02 15
If the sender wishes to indicate support for a specific parameter
set, SMIMECapability parameters MUST contain the
Gost28147-89-Parameters structure. Recipients MUST ignore the
Gost28147-89-Parameters iv field, and assume that the sender supports
parameters, specified in Gost28147-89-Parameters encryptionParamSet
field.
The DER encoding for the SMIMECapability, indicating support for GOST
28147-89 with id-Gost28147-89-CryptoPro-A-ParamSet (see [CPALGS]) is:
30 1D 06 06 2A 85 03 02 02 15 30 13 04 08 00 00
00 00 00 00 00 00 06 07 2A 85 03 02 02 1F 01
8 Security Considerations
Conforming applications MUST use unique values for ukm and iv.
Recipients MAY verify that ukm and iv, specified by the sender, are
unique.
It is RECCOMENDED that software applications verify signature values,
subject public keys and algorithm parameters to conform to
[GOSTR341001] [GOSTR341094] standards prior to their use.
Cryptographic algorithm parameters affect rigidity of algorithms.
The use of parameters not listed in [CPALGS] is NOT RECOMENDED (see
Security Considerations section of [CPALGS]).
Use of the same key for signature and key derivation is NOT
RECOMMENDED. When signed CMS documents are used as an analogue to a
manual signing, in the context of Russian Federal Digital Signature
Law [RFDSL], signer certificate MUST contain the keyUsage extension,
it MUST be critical, and keyUsage MUST NOT include keyEncipherment or
keyAgreement. Application SHOULD be submited for examination by an
authorized agency in appropriate levels of target_of_evaluation
(TOE), according to [RFDSL], [RFLLIC] and [CRYPTOLIC].
Leontiev, Chudov Informational [Page 10]
Internet-Draft Using GOST with CMS July 2005
9 Appendix Examples
9.1 Signed message
0 30 296: SEQUENCE {
4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 A0 281: [0] {
19 30 277: SEQUENCE {
23 02 1: INTEGER 1
26 31 12: SET {
28 30 10: SEQUENCE {
30 06 6: OBJECT IDENTIFIER id_GostR3411_94 ( 1 2 643 2 2 9)
38 05 0: NULL
: }
: }
40 30 27: SEQUENCE {
42 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
53 A0 14: [0] {
55 04 12: OCTET STRING
: 73 61 6D 70 6C 65 20 74 65 78 74 0A
: }
: }
69 31 228: SET {
72 30 225: SEQUENCE {
75 02 1: INTEGER 1
78 30 129: SEQUENCE {
81 30 109: SEQUENCE {
83 31 31: SET {
85 30 29: SEQUENCE {
87 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
92 0C 22: UTF8String 'GostR3410-2001 example'
: }
: }
116 31 18: SET {
118 30 16: SEQUENCE {
120 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
125 0C 9: UTF8String 'CryptoPro'
: }
: }
136 31 11: SET {
138 30 9: SEQUENCE {
140 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
145 13 2: PrintableString 'RU'
: }
: }
149 31 41: SET {
151 30 39: SEQUENCE {
153 06 9: OBJECT IDENTIFIER
Leontiev, Chudov Informational [Page 11]
Internet-Draft Using GOST with CMS July 2005
: emailAddress (1 2 840 113549 1 9 1)
164 16 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
192 02 16: INTEGER
: 48 E9 54 A5 CF E9 69 F5 C9 5C F7 55 E7 83 41 AF
: }
210 30 10: SEQUENCE {
212 06 6: OBJECT IDENTIFIER
: id_GostR3411_94 ( 1 2 643 2 2 9)
220 05 0: NULL
: }
222 30 10: SEQUENCE {
224 06 6: OBJECT IDENTIFIER
: id_GostR3410_2001 ( 1 2 643 2 2 19)
232 05 0: NULL
: }
234 04 64: OCTET STRING
: 6D C4 2D E5 C8 E8 8C 2E E0 77 AA 8C 75 0F C4 18
: 09 0B 8A 23 D4 50 F3 0E 2B 6F 59 E8 8D 54 5D F9
: A7 4D 36 41 48 36 22 17 32 A1 F5 CA 1C FD 56 FE
: C4 53 47 0D 5D 24 B9 88 70 D9 F6 0A 8A 54 DB 54
: }
: }
: }
: }
: }
9.2 Enveloped message using Key Agreement
0 30 452: SEQUENCE {
4 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
15 A0 437: [0] {
19 30 433: SEQUENCE {
23 02 1: INTEGER 2
26 31 377: SET {
30 A1 373: [1] {
34 02 1: INTEGER 3
37 A0 168: [0] {
40 A1 165: [1] {
43 30 28: SEQUENCE {
45 06 6: OBJECT IDENTIFIER
: GOST R 34.10-94 (1 2 643 2 2 20)
53 30 18: SEQUENCE {
55 06 7: OBJECT IDENTIFIER '1 2 643 2 2 32 2'
64 06 7: OBJECT IDENTIFIER '1 2 643 2 2 30 1'
: }
Leontiev, Chudov Informational [Page 12]
Internet-Draft Using GOST with CMS July 2005
: }
73 03 132: BIT STRING 0 unused bits, encapsulates {
77 04 128: OCTET STRING
: 4D FC D3 19 15 65 E6 A8 CD 2E F4 94 1D E9 1D 8E
: 38 74 EF 67 CD 39 59 DB B3 F4 07 63 A0 A1 0D 72
: 1B 88 9A DB FC 0A C6 D6 27 1D 0A 40 8A 4E C7 E8
: FE 5B 36 C9 B9 A2 71 13 89 29 09 C7 73 AD 7E 07
: CD AB FA 4B FA FC 0D 1B 66 D2 60 49 87 B0 B2 ED
: 13 EE BA D2 2F BB 4B E5 DD 84 B7 65 85 10 49 8A
: 01 A5 F5 4C 24 FB 49 AB 1D 5D D8 A6 F4 F4 27 9B
: F7 F7 97 7A F9 D9 7B DB F5 A0 29 F6 8D C9 AB 46
: }
: }
: }
208 30 29: SEQUENCE {
210 06 6: OBJECT IDENTIFIER GOST R 34.10-94 (1 2 643 2 2 20)
218 30 19: SEQUENCE {
220 06 7: OBJECT IDENTIFIER '1 2 643 2 2 31 1'
229 04 8: OCTET STRING
: 97 27 17 E0 05 B0 D0 5A
: }
: }
239 30 165: SEQUENCE {
242 30 162: SEQUENCE {
245 30 116: SEQUENCE {
247 30 102: SEQUENCE {
249 31 11: SET {
251 30 9: SEQUENCE {
253 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
258 13 2: PrintableString 'RU'
: }
: }
262 31 15: SET {
264 30 13: SEQUENCE {
266 06 3: OBJECT IDENTIFIER localityName (2 5 4 7)
271 13 6: PrintableString 'Moscow'
: }
: }
279 31 23: SET {
281 30 21: SEQUENCE {
283 06 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
288 13 14: PrintableString 'OOO Crypto-Pro'
: }
: }
304 31 20: SET {
306 30 18: SEQUENCE {
308 06 3: OBJECT IDENTIFIER
Leontiev, Chudov Informational [Page 13]
Internet-Draft Using GOST with CMS July 2005
: organizationalUnitName (2 5 4 11)
313 13 11: PrintableString 'Development'
: }
: }
326 31 23: SET {
328 30 21: SEQUENCE {
330 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
335 13 14: PrintableString 'CP CSP Test CA'
: }
: }
: }
351 02 10: INTEGER
: 32 C7 ED 5B 00 03 00 00 12 82
: }
363 04 42: OCTET STRING, encapsulates {
365 30 40: SEQUENCE {
367 04 32: OCTET STRING
: 57 22 EF 5F 03 7C AF AD 74 7E 0C C4 52 9F 0D 96
: F2 5B 42 23 0D 6A EC 7A 98 90 7F CC D8 2F E5 72
401 04 4: OCTET STRING
: C6 E0 DE 69
: }
: }
: }
: }
: }
: }
407 30 47: SEQUENCE {
409 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
420 30 29: SEQUENCE {
422 06 6: OBJECT IDENTIFIER GOST 28147-89 (1 2 643 2 2 21)
430 30 19: SEQUENCE {
432 04 8: OCTET STRING
: BF 68 D1 74 95 19 F0 13
442 06 7: OBJECT IDENTIFIER '1 2 643 2 2 31 1'
: }
: }
451 80 3: [0]
: B1 7F 12
: }
: }
: }
: }
9.3 Enveloped message using Key Transport
0 30 468: SEQUENCE {
4 06 9: OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
Leontiev, Chudov Informational [Page 14]
Internet-Draft Using GOST with CMS July 2005
15 A0 453: [0] {
19 30 449: SEQUENCE {
23 02 1: INTEGER 0
26 31 393: SET {
30 30 389: SEQUENCE {
34 02 1: INTEGER 0
37 30 116: SEQUENCE {
39 30 102: SEQUENCE {
41 31 11: SET {
43 30 9: SEQUENCE {
45 06 3: OBJECT IDENTIFIER countryName (2 5 4 6)
50 13 2: PrintableString 'RU'
: }
: }
54 31 15: SET {
56 30 13: SEQUENCE {
58 06 3: OBJECT IDENTIFIER localityName (2 5 4 7)
63 13 6: PrintableString 'Moscow'
: }
: }
71 31 23: SET {
73 30 21: SEQUENCE {
75 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
80 13 14: PrintableString 'OOO Crypto-Pro'
: }
: }
96 31 20: SET {
98 30 18: SEQUENCE {
100 06 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
105 13 11: PrintableString 'Development'
: }
: }
118 31 23: SET {
120 30 21: SEQUENCE {
122 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
127 13 14: PrintableString 'CP CSP Test CA'
: }
: }
: }
143 02 10: INTEGER
: 1A 04 13 2F 00 03 00 00 0F 61
: }
155 30 28: SEQUENCE {
157 06 6: OBJECT IDENTIFIER GOST R 34.10-94 (1 2 643 2 2 20)
165 30 18: SEQUENCE {
167 06 7: OBJECT IDENTIFIER '1 2 643 2 2 32 2'
176 06 7: OBJECT IDENTIFIER '1 2 643 2 2 30 1'
Leontiev, Chudov Informational [Page 15]
Internet-Draft Using GOST with CMS July 2005
: }
: }
185 04 235: OCTET STRING, encapsulates {
188 30 232: SEQUENCE {
191 30 40: SEQUENCE {
193 04 32: OCTET STRING
: 6B B6 75 7D 48 FD FC 6C B1 51 48 4F 0D 92 1F B0
: 5D 3A 93 11 DC 8A 13 0D 42 77 6C DC 1A 5E 87 F7
227 04 4: OCTET STRING
: 0A A3 26 A0
: }
233 A0 187: [0] {
236 06 7: OBJECT IDENTIFIER '1 2 643 2 2 31 1'
245 A0 165: [0] {
248 30 28: SEQUENCE {
250 06 6: OBJECT IDENTIFIER
: GOST R 34.10-94 (1 2 643 2 2 20)
258 30 18: SEQUENCE {
260 06 7: OBJECT IDENTIFIER '1 2 643 2 2 32 2'
269 06 7: OBJECT IDENTIFIER '1 2 643 2 2 30 1'
: }
: }
278 03 132: BIT STRING 0 unused bits, encapsulates {
282 04 128: OCTET STRING
: 47 A6 19 5E D6 FF E2 6A 6C 32 94 9D 6D 8C 1A 82
: C2 C4 0D 73 09 4E 01 3B B0 32 FE EE 79 1F C7 CC
: DB 27 B0 52 4F E1 10 B1 26 B9 22 51 37 64 F2 06
: 33 13 00 D0 31 3F E4 B6 D2 D6 F7 31 B9 63 4F 02
: 05 DD 16 E1 AD 0E E4 B7 CC B8 89 D1 20 D3 EA 45
: 53 02 8C 03 21 7C F2 0C BE BB 0D 7F 4E 04 E5 A5
: 3D F6 7F 2A 1E 17 40 59 4D 9D C5 4A ED 03 15 93
: B9 76 E6 41 BC 3B 70 18 90 B7 4A 7C 8F 4B 06 7D
: }
: }
413 04 8: OCTET STRING
: CA CD 7B 87 B9 60 17 68
: }
: }
: }
: }
: }
423 30 47: SEQUENCE {
425 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
436 30 29: SEQUENCE {
438 06 6: OBJECT IDENTIFIER GOST 28147-89 (1 2 643 2 2 21)
446 30 19: SEQUENCE {
448 04 8: OCTET STRING
: 56 9C 94 5C 37 0F B2 59
Leontiev, Chudov Informational [Page 16]
Internet-Draft Using GOST with CMS July 2005
458 06 7: OBJECT IDENTIFIER '1 2 643 2 2 31 1'
: }
: }
467 80 3: [0]
: E5 CE CA
: }
: }
: }
: }
10 Appendix ASN.1 Modules
Additional ASN.1 modules, referenced here, can be found in [CPALGS].
10.1 GostR3410-EncryptionSyntax
GostR3410-EncryptionSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-EncryptionSyntax(5) 2 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
id-CryptoPro-algorithms,
gost28147-89-EncryptionSyntax,
gostR3410-94-PKISyntax,
gostR3410-2001-PKISyntax,
ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
FROM Cryptographic-Gost-Useful-Definitions
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
id-GostR3410-94,
GostR3410-94-PublicKeyParameters,
GostR3410-94-PublicKeyAlgorithms
FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
id-GostR3410-2001,
GostR3410-2001-PublicKeyParameters,
GostR3410-2001-PublicKeyAlgorithms
Leontiev, Chudov Informational [Page 17]
Internet-Draft Using GOST with CMS July 2005
FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
id-Gost28147-89-TestParamSet,
id-Gost28147-89-CryptoPro-A-ParamSet,
id-Gost28147-89-CryptoPro-B-ParamSet,
id-Gost28147-89-CryptoPro-C-ParamSet,
id-Gost28147-89-CryptoPro-D-ParamSet,
id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
id-Gost28147-89-CryptoPro-Simple-D-ParamSet,
Gost28147-89-EncryptedKey
FROM Gost28147-89-EncryptionSyntax
gost28147-89-EncryptionSyntax
SubjectPublicKeyInfo, AlgorithmIdentifier
FROM PKIX1Explicit88 {iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
id-mod(0) id-pkix1-explicit-88(1)}
;
-- CMS/PKCS#7 key transport algorithm & parameters
-- OID for CMS/PKCS#7 Key transport is id-GostR3410-94 from
-- GostR3410-94-PKISyntax or id-GostR3410-2001 from
-- GostR3410-2001-PKISyntax
-- Parameters for CMS/PKCS#7 Key transport are
-- GostR3410-94-PublicKeyParameters from
-- GostR3410-94-PKISyntax with encryptionParameterOID or
-- GostR3410-2001-PublicKeyParameters from
-- GostR3410-2001-PKISyntax with encryptionParameterOID
-- Algorithm for CMS/PKCS#7 Key transport iare
-- GostR3410-94-PublicKeyAlgorithms from
-- GostR3410-94-PKISyntax or
-- GostR3410-2001-PublicKeyAlgorithms from
-- GostR3410-2001-PKISyntax
-- SMIMECapability for CMS/PKCS#7 Key transport are
-- id-GostR3410-94 from GostR3410-94-PKISyntax or
-- id-GostR3410-2001 from GostR3410-2001-PKISyntax
id-GostR3410-94-KeyTransportSMIMECapability
OBJECT IDENTIFIER ::= id-GostR3410-94
id-GostR3410-2001-KeyTransportSMIMECapability
OBJECT IDENTIFIER ::= id-GostR3410-2001
GostR3410-KeyTransport ::=
SEQUENCE {
sessionEncryptedKey Gost28147-89-EncryptedKey,
transportParameters [0]
IMPLICIT GostR3410-TransportParameters OPTIONAL
}
GostR3410-TransportParameters ::=
SEQUENCE {
encryptionParamSet
Leontiev, Chudov Informational [Page 18]
Internet-Draft Using GOST with CMS July 2005
OBJECT IDENTIFIER (
id-Gost28147-89-TestParamSet |
-- Only for testing purposes
id-Gost28147-89-CryptoPro-A-ParamSet |
id-Gost28147-89-CryptoPro-B-ParamSet |
id-Gost28147-89-CryptoPro-C-ParamSet |
id-Gost28147-89-CryptoPro-D-ParamSet |
id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
id-Gost28147-89-CryptoPro-Simple-D-ParamSet
),
ephemeralPublicKey [0]
IMPLICIT SubjectPublicKeyInfo OPTIONAL,
ukm OCTET STRING ( SIZE(8) )
}
GostR3410-KeyEncryptionAlgorithms
ALGORITHM-IDENTIFIER ::= {
{ GostR3410-94-PublicKeyParameters IDENTIFIED BY
id-GostR3410-94 } |
{ GostR3410-2001-PublicKeyParameters IDENTIFIED BY
id-GostR3410-2001 }
}
END -- GostR3410-EncryptionSyntax
10.2 GostR3410-94-SignatureSyntax
GostR3410-94-SignatureSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-94-SignatureSyntax(3) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
gostR3410-94-PKISyntax, ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
FROM Cryptographic-Gost-Useful-Definitions
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
Leontiev, Chudov Informational [Page 19]
Internet-Draft Using GOST with CMS July 2005
id-GostR3410-94,
GostR3410-94-PublicKeyParameters
FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
;
-- GOST R 34.10-94 signature data type
GostR3410-94-Signature ::=
OCTET STRING (SIZE (64))
-- GOST R 34.10-94 signature algorithm & parameters
GostR3410-94-CMSSignatureAlgorithms ALGORITHM-IDENTIFIER ::= {
{ GostR3410-94-PublicKeyParameters IDENTIFIED BY
id-GostR3410-94 }
}
END -- GostR3410-94-SignatureSyntax
10.3 GostR3410-2001-SignatureSyntax
GostR3410-2001-SignatureSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-2001-SignatureSyntax(10) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
IMPORTS
gostR3410-2001-PKISyntax, ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions
FROM Cryptographic-Gost-Useful-Definitions
{ iso(1) member-body(2) ru(643) rans(2)
cryptopro(2) other(1) modules(1)
cryptographic-Gost-Useful-Definitions(0) 1 }
id-GostR3410-2001,
GostR3410-2001-PublicKeyParameters
FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
;
-- GOST R 34.10-2001 signature data type
GostR3410-2001-Signature ::=
OCTET STRING (SIZE (64))
-- GOST R 34.10-2001 signature algorithms and parameters
GostR3410-2001-CMSSignatureAlgorithms
ALGORITHM-IDENTIFIER ::= {
Leontiev, Chudov Informational [Page 20]
Internet-Draft Using GOST with CMS July 2005
{ GostR3410-2001-PublicKeyParameters IDENTIFIED BY
id-GostR3410-2001 }
}
END -- GostR3410-2001-SignatureSyntax
11 References
Normative references:
[GOST28147] "Cryptographic Protection for Data Processing System",
GOST 28147-89, Gosudarstvennyi Standard of USSR, Gov-
ernment Committee of the USSR for Standards, 1989. (In
Russian);
[GOSTR341094] "Information technology. Cryptographic Data Security.
Produce and check procedures of Electronic Digital Sig-
natures based on Asymmetric Cryptographic Algorithm.",
GOST R 34.10-94, Gosudarstvennyi Standard of Russian
Federation, Government Committee of the Russia for
Standards, 1994. (In Russian);
[GOSTR341001] "Information technology. Cryptographic data security.
Signature and verification processes of [electronic]
digital signature.", GOST R 34.10-2001, Gosudarstvennyi
Standard of Russian Federation, Government Committee of
the Russia for Standards, 2001. (In Russian);
[GOSTR341194] "Information technology. Cryptographic Data Security.
Hashing function.", GOST R 34.10-94, Gosudarstvennyi
Standard of Russian Federation, Government Committee of
the Russia for Standards, 1994. (In Russian);
[RFC 3280] Housley, R., Polk, W., Ford, W. and D. Solo,
"Internet X.509 Public Key Infrastructure Certificate
and Certificate Revocation List (CRL) Profile", RFC
3280, April 2002.
[RFC 3279] Algorithms and Identifiers for the Internet X.509 Pub-
lic Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile. L. Bassham, W.
Polk, R. Housley. April 2002.
Leontiev, Chudov Informational [Page 21]
Internet-Draft Using GOST with CMS July 2005
[RFC 2119] Bradner, S., "Key Words for Use in RFCs to Indi-
cateRequirement Levels", BCP 14, RFC 2119, March 1997.
[CMS] R. Housley, "Cryptographic Message Syntax", RFC 3369,
August 2002
[RFC 3851] B. Ramsdell, "Secure/Multipurpose Internet Mail Exten-
sions (S/MIME) Version 3.1 Message Specification", RFC
3851. July 2004
[X.208-88] CCITT. Recommendation X.208: Specification of Abstract
Syntax Notation One (ASN.1). 1988.
[X.209-88] CCITT. Recommendation X.209: Specification of Basic
Encoding Rules for Abstract Syntax Notation One
(ASN.1). 1988..
[CPPK] S. Leontiev, D. Shefanovskij, "Using the GOST R
34.10-94, GOST R 34.10-2001 and GOST R 34.11-94 algo-
rithms with the Internet X.509 Public Key Infrastruc-
ture Certificate and CRL Profile.", draft-ietf-pkix-
gost-cppk-02.txt
[CPALGS] V. Popov, I. Kurepkin, S. Leontiev "Additional crypto-
graphic algorithms for use with GOST 28147-89, GOST R
34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algo-
rithms.", draft-popov-cryptopro-cpalgs-03.txt
Informative references:
[Schneier95] B. Schneier, Applied cryptography, second edition,
John Wiley & Sons, Inc., 1995;
[RFDSL] "Russian Federal Digital Signature Law", 10 Jan 2002
N1-FZ
[RFLLIC] "Russian Federal Law on Licensing of Selected Activity
Categories", 08 Aug 2001 N 128-FZ
Leontiev, Chudov Informational [Page 22]
Internet-Draft Using GOST with CMS July 2005
[CRYPTOLIC] "Russian Federal Goverment Regulation on Licensing of
Selected Activity Categories in Cryptography Area", 23
Sep 2002 N 691
Acknowledgments
This document was created in accordance with "Russian Cryptographic
Software Compatibility Agreement", signed by FGUE STC "Atlas",
CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
Cryptocom, R-Alpha. The aim of this agreement is to achieve mutual
compatibility of the products and solutions.
The authors wish to thank:
Microsoft Corporation Russia for provided information about
company products and solutions, and also for technical consulting
in PKI.
RSA Security Russia and Demos Co Ltd for active collaboration and
critical help in creation of this document.
Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative,
creating this document.
This document is based on a contribution of CRYPTO-PRO Company. Any
substantial use of the text from this document must acknowledge
CRYPTO-PRO. CRYPTO-PRO requests that all material mentioning or
referencing this document identify this as "CRYPTO-PRO CPCMS".
Author's Addresses
Serguei Leontiev
CRYPTO-PRO
38, Obraztsova,
Moscow, 127018, Russian Federation
EMail: lse@cryptopro.ru
Vladimir Popov
CRYPTO-PRO
38, Obraztsova,
Moscow, 127018, Russian Federation
EMail: vpopov@cryptopro.ru
Gregory Chudov
CRYPTO-PRO
38, Obraztsova,
Leontiev, Chudov Informational [Page 23]
Internet-Draft Using GOST with CMS July 2005
Moscow, 127018, Russian Federation
EMail: chudov@cryptopro.ru
Alexandr Afanasiev
Factor-TC
office 711, 14, Presnenskij val,
Moscow, 123557, Russian Federation
EMail: afa@factor-ts.ru
Nikolaj Nikishin
Infotecs GmbH
p/b 35, 80-5, Leningradskij prospekt,
Moscow, 125315, Russian Federation
EMail: nikishin@infotecs.ru
Boleslav Izotov
FGUE STC "Atlas"
38, Obraztsova,
Moscow, 127018, Russian Federation
EMail: izotov@stcnet.ru
Elena Minaeva
MD PREI
build 3, 6A, Vtoroj Troitskij per.,
Moscow, Russian Federation
EMail: evminaeva@mo.msk.ru
Serguei Murugov
R-Alpha
4/1, Raspletina,
Moscow, 123060, Russian Federation
EMail: msm@office.ru
Igori Ustinov
Cryptocom
office 239, 51, Leninskij prospekt,
Moscow, 119991, Russian Federation
EMail: igus@cryptocom.ru
Anatolij Erkin
SPRCIS (SPbRCZI)
1, Obrucheva,
St.Petersburg, 195220, Russian Federation
EMail: erkin@nevsky.net
Intellectual Property Statement
Leontiev, Chudov Informational [Page 24]
Internet-Draft Using GOST with CMS July 2005
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Full Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Expires January 2006
Leontiev, Chudov Informational [Page 25]
