Diffie-Hellman Proof-of-Possession Algorithms
RFC 6955

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'Diffie-Hellman Proof-of-Possession Algorithms' to Proposed Standard (draft-schaad-pkix-rfc2875-bis-08.txt)

The IESG has approved the following document:
- 'Diffie-Hellman Proof-of-Possession Algorithms'
  (draft-schaad-pkix-rfc2875-bis-08.txt) as Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Sean Turner.

A URL of this Internet Draft is:

Technical Summary

This document is an update to RFC 2875 ("Diffie-Hellman
Proof-of-Possession Algorithms").  It extends 2875 to include support
for the Elliptic Curve Diffie-Hellman algorithm along with the SHA-2
family of hash functions.  The proof-of-possession methods described in
this document are used in a Certificate Service Request to demonstrate
possession of a private key that is not capable of producing a digital
signature.  Certificate Signing Requests are normally signed by the
private key matching the public key conveyed in the request.  Certain
algorithms such as the Diffie-Hellman family are incapable of creating
digital signatures.  By leveraging their key exchange properties, the
Diffie-Hellman algorithms can be used to provide a proof-of-possession
analogous to a digital signature and sufficient to allow validation of a
Certificate Signing Request. 

Working Group Summary

This draft is not the product of a WG.  RFC 2875 was a product of the
PKIX WG, but when the author asked for WG adoption there was only
lukewarm response.  This is pretty normal for algorithm-type drafts
because the updates basically do the same thing as the RFC they're
updating but use longer outputs and new OIDs (i.e., they're not very
interesting from a technical point of view). The draft was presented to
the PKIX WG in Paris, where the author received some comments that were

Document Quality

Although dense with ASN.1 and cryptographic equations, the 2875bis
document is quite attainable.  The author has implemented the methods
described in the document and provided sample ASN.1 encodings to
demonstrate the expected output of several combinations of the
Diffie-Hellman and hash algorithms. 


Peter Yee (peter at akayla.com) is the document shepherd.
Sean Turner (turners at ieca.com) is the responsible Area Director.
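
The idea in the Technical Summary, a key-agreement key proving possession without a signature, is sketched below as an added example; it is not code from the announcement, the draft, or its author. The toy group, the SHA-256 key derivation and the request body are assumptions made for illustration and do not reproduce the ASN.1 structures or exact key derivation of RFC 6955.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example only: far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keygen():
    """Return (private, public) for a DH key pair in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _mac_key(own_priv, peer_pub):
    """Derive a MAC key from the shared secret ZZ = peer_pub^own_priv mod P."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    zz = pow(peer_pub, own_priv, P)
    return hashlib.sha256(zz.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def make_pop(requester_priv, ca_pub, request_body):
    """Requester: MAC the request under a key only it and the CA can derive."""
    key = _mac_key(requester_priv, ca_pub)
    return hmac.new(key, request_body, hashlib.sha256).digest()

def verify_pop(ca_priv, requester_pub, request_body, pop):
    """CA: recompute the MAC using the public key carried in the request."""
    try:
        key = _mac_key(ca_priv, requester_pub)
    except ValueError:
        return False
    expected = hmac.new(key, request_body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, pop)

def demo():
    """Return (genuine accepted, wrong-key accepted, tampered accepted)."""
    ca_priv, ca_pub = keygen()
    req_priv, req_pub = keygen()
    body = b"subject=CN=example;dh_public=" + str(req_pub).encode()  # constructed
    pop = make_pop(req_priv, ca_pub, body)
    other_priv, _ = keygen()  # a party that does not hold req_priv
    forged = make_pop(other_priv, ca_pub, body)
    return (verify_pop(ca_priv, req_pub, body, pop),
            verify_pop(ca_priv, req_pub, body, forged),
            verify_pop(ca_priv, req_pub, body + b"x", pop))

if __name__ == "__main__":
    print(demo())
```

Unlike a signature, this proof can be checked only by the party holding the other private key (here the CA), since verification requires computing the same shared secret.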