Digital Signatures for the v1.0 Internet Open Trading Protocol (IOTP)
RFC 2802

Document Type RFC - Informational (April 2000; Errata)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf htmlized with errata bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 2802 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                        K. Davidson
Request for Comments: 2802                                  Differential
Category: Informational                                     Y. Kawatsura
                                                                 Hitachi
                                                              April 2000

 Digital Signatures for the v1.0 Internet Open Trading Protocol (IOTP)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   A syntax and procedures are described for the computation and
   verification of digital signatures for use within Version 1.0 of the
   Internet Open Trading Protocol (IOTP).

Acknowledgment

   This document is based on work originally done on general XML digital
   signatures by:

     Richard Brown of GlobeSet, Inc. <rdbrown@GlobeSet.com>

   Other contributors to the design of the IOTP DSIG DTD include, in
   alphabetic order:

     David Burdett, Commerce One
     Andrew Drapp, Hitachi
     Donald Eastlake 3rd, Motorola, Inc.

Davidson & Kawatsura         Informational                      [Page 1]
RFC 2802              Digital Signatures for IOTP             April 2000

Table of Contents

   1. Introduction............................................3
   2. Objective and Requirements..............................3
   3. Signature Basics........................................3
   3.1 Signature Element......................................3
   3.2 Digest Element.........................................4
   3.3 Originator and Recipient Information Elements..........5
   3.4 Algorithm Element......................................5
   4. Detailed Signature Syntax...............................6
   4.1 Uniform Resource Names.................................6
   4.2 IotpSignatures.........................................6
   4.3 Signature Component....................................6
   4.3.1 Signature............................................6
   4.3.2 Manifest.............................................7
   4.3.3 Algorithm............................................9
   4.3.4 Digest...............................................9
   4.3.5 Attribute...........................................10
   4.3.6 OriginatorInfo......................................11
   4.3.7 RecipientInfo.......................................11
   4.3.8 KeyIdentifier.......................................12
   4.3.9 Parameter...........................................13
   4.4 Certificate Component.................................13
   4.4.1 Certificate.........................................13
   4.4.2 IssuerAndSerialNumber...............................14
   4.5 Common Components.....................................15
   4.5.1 Value...............................................15
   4.5.2 Locator.............................................15
   5. Supported Algorithms...................................16
   5.1 Digest Algorithms.....................................16
   5.1.1 SHA1................................................16
   5.1.2 DOM-HASH............................................17
   5.2 Signature Algorithms..................................17
   5.2.1 DSA.................................................17
   5.2.2 HMAC................................................18
   5.2.3 RSA.................................................20
   5.2.4 ECDSA...............................................20
   6. Examples...............................................21
   7. Signature DTD..........................................23
   8. Security Considerations................................25
   References................................................26
   Authors' Addresses........................................28
   Full Copyright Statement..................................29

Davidson & Kawatsura         Informational                      [Page 2]
RFC 2802              Digital Signatures for IOTP             April 2000

1. Introduction

   The Internet Open Trading Protocol (IOTP) provides a payment system
   independent interoperable framework for Internet commerce as
   documented in [RFC 2801]. All IOTP messages are XML documents. XML,
   the Extensible Markup Language [XML], is a syntactical standard
   promulgated by the World Wide Web Consortium. XML is intended
   primarily for structuring data exchanged and served over the World
   Wide Web.

   Although IOTP assumes that any payment system used with it provides
   its own security, there are numerous cases where IOTP requires
   authentication and integrity services for portions of the XML
   messages it specifies.

2. Objective and Requirements

   This document covers how digital signatures may be used with XML
   documents to provide authentication and tamper-proof protocol
Show full document text