1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
|
<pre>Internet Engineering Task Force (IETF) R. Housley
Request for Comments: 8423 Vigil Security
Category: Informational L. Zieglar
ISSN: 2070-1721 National Security Agency
July 2018
<span class="h1">Reclassification of Suite B Documents to Historic Status</span>
Abstract
This document reclassifies the RFCs related to the United States
National Security Agency (NSA) Suite B cryptographic algorithms as
Historic, and it discusses the reasons for doing so. This document
moves seven Informational RFCs to Historic status: RFCs 5759, 6239,
6318, 6379, 6380, 6403, and 6460. In addition, it moves three
obsolete Informational RFCs to Historic status: RFCs 4869, 5008, and
5430.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see <a href="./rfc7841#section-2">Section 2 of RFC 7841</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="https://www.rfc-editor.org/info/rfc8423">https://www.rfc-editor.org/info/rfc8423</a>.
<span class="grey">Housley & Zieglar Informational [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc8423">RFC 8423</a> Suite B to Historic July 2018</span>
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
<a href="#section-1">1</a>. Introduction . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-2">2</a>
<a href="#section-2">2</a>. Rationale . . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-3">3</a>. The RFCs Related to Suite B . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-4">4</a>. Documents That Reference the Suite-B-Related RFCs . . . . . . <a href="#page-3">3</a>
<a href="#section-4.1">4.1</a>. Documents That Reference <a href="./rfc4869">RFC 4869</a> . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-4.2">4.2</a>. Documents That Reference <a href="./rfc5759">RFC 5759</a> . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-4.3">4.3</a>. Documents That Reference <a href="./rfc6379">RFC 6379</a> . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-4.4">4.4</a>. Documents That Reference <a href="./rfc6403">RFC 6403</a> . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-4.5">4.5</a>. Documents That Reference <a href="./rfc6460">RFC 6460</a> . . . . . . . . . . . . <a href="#page-5">5</a>
5. Impact of Reclassifying the Suite-B-Related RFCs to Historic 5
<a href="#section-6">6</a>. IANA Considerations . . . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-7">7</a>. Security Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-5">5</a>
<a href="#section-8">8</a>. References . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-8.1">8.1</a>. Normative References . . . . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-8.2">8.2</a>. Informative References . . . . . . . . . . . . . . . . . <a href="#page-7">7</a>
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-8">8</a>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
Several RFCs profile security protocols for use with the National
Security Agency (NSA) Suite B Cryptography. Suite B is no longer
supported by NSA, and the web pages that specify the cryptographic
algorithms are no longer available.
In July 2015, NSA published the Committee for National Security
Systems Advisory Memorandum 02-15 as the first step in replacing
Suite B with NSA's Commercial National Security Algorithm (CNSA)
Suite. Information about the CNSA Suite can be found in [<a href="#ref-CNSA" title=""Commercial National Security Algorithm Suite"">CNSA</a>].
<span class="grey">Housley & Zieglar Informational [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc8423">RFC 8423</a> Suite B to Historic July 2018</span>
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. Rationale</span>
As indicated in [<a href="#ref-CNSA" title=""Commercial National Security Algorithm Suite"">CNSA</a>], NSA is transitioning from Suite B to the CNSA
Suite. As a result, the profiles of the security protocols for the
Suite B algorithms are now only of historic interest.
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. The RFCs Related to Suite B</span>
Between 2007 and 2012, several Suite-B-related RFCs were published to
profile security protocols for use with the Suite B algorithms. They
are:
o [<a href="./rfc4869" title=""Suite B Cryptographic Suites for IPsec"">RFC4869</a>], "Suite B Cryptographic Suites for IPsec" (Obsoleted by
<a href="./rfc6379">RFC 6379</a>)
o [<a href="./rfc5008" title=""Suite B in Secure/ Multipurpose Internet Mail Extensions (S/MIME)"">RFC5008</a>], "Suite B in Secure/Multipurpose Internet Mail
Extensions (S/MIME)" (Obsoleted by <a href="./rfc6318">RFC 6318</a>)
o [<a href="./rfc5430" title=""Suite B Profile for Transport Layer Security (TLS)"">RFC5430</a>], "Suite B Profile for Transport Layer Security (TLS)"
(Obsoleted by <a href="./rfc6460">RFC 6460</a>)
o [<a href="./rfc5759" title=""Suite B Certificate and Certificate Revocation List (CRL) Profile"">RFC5759</a>], "Suite B Certificate and Certificate Revocation List
(CRL) Profile"
o [<a href="./rfc6239" title=""Suite B Cryptographic Suites for Secure Shell (SSH)"">RFC6239</a>], "Suite B Cryptographic Suites for Secure Shell (SSH)"
o [<a href="./rfc6318" title=""Suite B in Secure/ Multipurpose Internet Mail Extensions (S/MIME)"">RFC6318</a>], "Suite B in Secure/Multipurpose Internet Mail
Extensions (S/MIME)"
o [<a href="./rfc6379" title=""Suite B Cryptographic Suites for IPsec"">RFC6379</a>], "Suite B Cryptographic Suites for IPsec"
o [<a href="./rfc6380" title=""Suite B Profile for Internet Protocol Security (IPsec)"">RFC6380</a>], "Suite B Profile for Internet Protocol Security
(IPsec)"
o [<a href="./rfc6403" title=""Suite B Profile of Certificate Management over CMS"">RFC6403</a>], "Suite B Profile of Certificate Management over CMS"
o [<a href="./rfc6460" title=""Suite B Profile for Transport Layer Security (TLS)"">RFC6460</a>], "Suite B Profile for Transport Layer Security (TLS)"
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. Documents That Reference the Suite-B-Related RFCs</span>
These RFCs reference each other several times. These cross-
references are not examined further in this document.
Other RFCs make reference to these Suite-B-related RFCs; these
references are discussed in the following subsections.
<span class="grey">Housley & Zieglar Informational [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc8423">RFC 8423</a> Suite B to Historic July 2018</span>
<span class="h3"><a class="selflink" id="section-4.1" href="#section-4.1">4.1</a>. Documents That Reference <a href="./rfc4869">RFC 4869</a></span>
One other RFC makes reference to <a href="./rfc4869">RFC 4869</a> [<a href="./rfc4869" title=""Suite B Cryptographic Suites for IPsec"">RFC4869</a>].
<a href="./rfc6071">RFC 6071</a>, "IP Security (IPsec) and Internet Key Exchange (IKE)
Document Roadmap" [<a href="./rfc6071" title=""IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap"">RFC6071</a>], points out that <a href="./rfc4869">RFC 4869</a> adds four pre-
defined suites based upon Suite B specifications. They are:
o IKE/ESP suite "Suite-B-GCM-128"
o IKE/ESP suite "Suite-B-GCM-256"
o IKE/AH suite "Suite-B-GMAC-128"
o IKE/AH suite "Suite-B-GMAC-256"
In each case, these suite definitions make use of algorithms that are
defined in other RFCs. No interoperability or security concerns are
raised if implementations continue to make use of these suite names.
<span class="h3"><a class="selflink" id="section-4.2" href="#section-4.2">4.2</a>. Documents That Reference <a href="./rfc5759">RFC 5759</a></span>
One other RFC makes reference to <a href="./rfc5759">RFC 5759</a> [<a href="./rfc5759" title=""Suite B Certificate and Certificate Revocation List (CRL) Profile"">RFC5759</a>].
<a href="./rfc6187">RFC 6187</a>, "X.509v3 Certificates for Secure Shell Authentication"
[<a href="./rfc6187" title=""X.509v3 Certificates for Secure Shell Authentication"">RFC6187</a>], points out that <a href="./rfc5759">RFC 5759</a> provides additional guidance for
Elliptic Curve Digital Signature Algorithm (ECDSA) keys when used
with Suite B.
<span class="h3"><a class="selflink" id="section-4.3" href="#section-4.3">4.3</a>. Documents That Reference <a href="./rfc6379">RFC 6379</a></span>
One other RFC makes reference to <a href="./rfc6379">RFC 6379</a> [<a href="./rfc6379" title=""Suite B Cryptographic Suites for IPsec"">RFC6379</a>].
<a href="./rfc7321">RFC 7321</a>, "Cryptographic Algorithm Implementation Requirements and
Usage Guidance for Encapsulating Security Payload (ESP) and
Authentication Header (AH)" [<a href="./rfc7321" title=""Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)"">RFC7321</a>], points out that the AES-GCM
algorithm is used by Suite B, and it has emerged as the preferred
authenticated encryption method in IPsec. <a href="./rfc7321">RFC 7321</a> has since been
obsoleted by <a href="./rfc8221">RFC 8221</a>.
<span class="h3"><a class="selflink" id="section-4.4" href="#section-4.4">4.4</a>. Documents That Reference <a href="./rfc6403">RFC 6403</a></span>
Two other RFCs make reference to <a href="./rfc6403">RFC 6403</a> [<a href="./rfc6403" title=""Suite B Profile of Certificate Management over CMS"">RFC6403</a>].
<a href="./rfc6402">RFC 6402</a>, "Certificate Management over CMS (CMC) Updates" [<a href="./rfc6402" title=""Certificate Management over CMS (CMC) Updates"">RFC6402</a>],
says that development of the profile for Suite B was the activity
that demonstrated the need for these updates.
<span class="grey">Housley & Zieglar Informational [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc8423">RFC 8423</a> Suite B to Historic July 2018</span>
<a href="./rfc7030">RFC 7030</a>, "Enrollment over Secure Transport" [<a href="./rfc7030" title=""Enrollment over Secure Transport"">RFC7030</a>], points out
that the scenarios in Appendix of <a href="./rfc6403">RFC 6403</a> are very similar to three
of the scenarios described.
<span class="h3"><a class="selflink" id="section-4.5" href="#section-4.5">4.5</a>. Documents That Reference <a href="./rfc6460">RFC 6460</a></span>
Three other RFCs make reference to <a href="./rfc6460">RFC 6460</a> [<a href="./rfc6460" title=""Suite B Profile for Transport Layer Security (TLS)"">RFC6460</a>].
<a href="./rfc6605">RFC 6605</a>, "Elliptic Curve Digital Signature Algorithm (DSA) for
DNSSEC" [<a href="./rfc6605" title=""Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC"">RFC6605</a>], states that material was copied liberally from <a href="./rfc6460">RFC</a>
<a href="./rfc6460">6460</a>. The Standards Track status of <a href="./rfc6605">RFC 6605</a> is not affected by <a href="./rfc6460">RFC</a>
<a href="./rfc6460">6460</a> moving to Historic status.
<a href="./rfc7525">RFC 7525</a>, "Recommendations for Secure Use of Transport Layer Security
(TLS) and Datagram Transport Layer Security (DTLS)" [<a href="./rfc7525" title=""Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"">RFC7525</a>],
observes that the Suite B profile of TLS 1.2 uses different
ciphersuites.
<a href="./rfc8253">RFC 8253</a>, "PCEPS: Usage of TLS to Provide a Secure Transport for the
Path Computation Element Communication Protocol (PCEP)" [<a href="./rfc8253" title=""PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)"">RFC8253</a>],
points to <a href="./rfc6460">RFC 6460</a> for the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ciphersuites. Both of
these ciphersuites are defined in [<a href="./rfc5289" title=""TLS Elliptic Curve Cipher Suites with SHA- 256/384 and AES Galois Counter Mode (GCM)"">RFC5289</a>], which would have been a
better reference. The Standards Track status of <a href="./rfc8253">RFC 8253</a> is not
affected by <a href="./rfc6460">RFC 6460</a> moving to Historic status.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Impact of Reclassifying the Suite-B-Related RFCs to Historic</span>
No interoperability or security concerns are raised by reclassifying
the Suite-B-related RFCs to Historic status. As described in
<a href="#section-4">Section 4</a>, none of the RFCs being moved to Historic status is the
sole specification of a cryptographic algorithm or an identifier for
a cryptographic algorithm.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. IANA Considerations</span>
This document has no IANA actions.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Security Considerations</span>
No interoperability or security concerns are raised by reclassifying
the Suite-B-related RFCs to Historic status.
NSA is transitioning away from some of the cryptographic algorithms
and key sizes that were employed in the Suite B profiles.
<span class="grey">Housley & Zieglar Informational [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc8423">RFC 8423</a> Suite B to Historic July 2018</span>
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. References</span>
<span class="h3"><a class="selflink" id="section-8.1" href="#section-8.1">8.1</a>. Normative References</span>
[<a id="ref-RFC4869">RFC4869</a>] Law, L. and J. Solinas, "Suite B Cryptographic Suites for
IPsec", <a href="./rfc4869">RFC 4869</a>, DOI 10.17487/RFC4869, May 2007,
<<a href="https://www.rfc-editor.org/info/rfc4869">https://www.rfc-editor.org/info/rfc4869</a>>.
[<a id="ref-RFC5008">RFC5008</a>] Housley, R. and J. Solinas, "Suite B in Secure/
Multipurpose Internet Mail Extensions (S/MIME)", <a href="./rfc5008">RFC 5008</a>,
DOI 10.17487/RFC5008, September 2007,
<<a href="https://www.rfc-editor.org/info/rfc5008">https://www.rfc-editor.org/info/rfc5008</a>>.
[<a id="ref-RFC5430">RFC5430</a>] Salter, M., Rescorla, E., and R. Housley, "Suite B Profile
for Transport Layer Security (TLS)", <a href="./rfc5430">RFC 5430</a>,
DOI 10.17487/RFC5430, March 2009,
<<a href="https://www.rfc-editor.org/info/rfc5430">https://www.rfc-editor.org/info/rfc5430</a>>.
[<a id="ref-RFC5759">RFC5759</a>] Solinas, J. and L. Zieglar, "Suite B Certificate and
Certificate Revocation List (CRL) Profile", <a href="./rfc5759">RFC 5759</a>,
DOI 10.17487/RFC5759, January 2010,
<<a href="https://www.rfc-editor.org/info/rfc5759">https://www.rfc-editor.org/info/rfc5759</a>>.
[<a id="ref-RFC6239">RFC6239</a>] Igoe, K., "Suite B Cryptographic Suites for Secure Shell
(SSH)", <a href="./rfc6239">RFC 6239</a>, DOI 10.17487/RFC6239, May 2011,
<<a href="https://www.rfc-editor.org/info/rfc6239">https://www.rfc-editor.org/info/rfc6239</a>>.
[<a id="ref-RFC6318">RFC6318</a>] Housley, R. and J. Solinas, "Suite B in Secure/
Multipurpose Internet Mail Extensions (S/MIME)", <a href="./rfc6318">RFC 6318</a>,
DOI 10.17487/RFC6318, June 2011,
<<a href="https://www.rfc-editor.org/info/rfc6318">https://www.rfc-editor.org/info/rfc6318</a>>.
[<a id="ref-RFC6379">RFC6379</a>] Law, L. and J. Solinas, "Suite B Cryptographic Suites for
IPsec", <a href="./rfc6379">RFC 6379</a>, DOI 10.17487/RFC6379, October 2011,
<<a href="https://www.rfc-editor.org/info/rfc6379">https://www.rfc-editor.org/info/rfc6379</a>>.
[<a id="ref-RFC6380">RFC6380</a>] Burgin, K. and M. Peck, "Suite B Profile for Internet
Protocol Security (IPsec)", <a href="./rfc6380">RFC 6380</a>,
DOI 10.17487/RFC6380, October 2011,
<<a href="https://www.rfc-editor.org/info/rfc6380">https://www.rfc-editor.org/info/rfc6380</a>>.
[<a id="ref-RFC6403">RFC6403</a>] Zieglar, L., Turner, S., and M. Peck, "Suite B Profile of
Certificate Management over CMS", <a href="./rfc6403">RFC 6403</a>,
DOI 10.17487/RFC6403, November 2011,
<<a href="https://www.rfc-editor.org/info/rfc6403">https://www.rfc-editor.org/info/rfc6403</a>>.
<span class="grey">Housley & Zieglar Informational [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc8423">RFC 8423</a> Suite B to Historic July 2018</span>
[<a id="ref-RFC6460">RFC6460</a>] Salter, M. and R. Housley, "Suite B Profile for Transport
Layer Security (TLS)", <a href="./rfc6460">RFC 6460</a>, DOI 10.17487/RFC6460,
January 2012, <<a href="https://www.rfc-editor.org/info/rfc6460">https://www.rfc-editor.org/info/rfc6460</a>>.
<span class="h3"><a class="selflink" id="section-8.2" href="#section-8.2">8.2</a>. Informative References</span>
[<a id="ref-CNSA">CNSA</a>] National Security Agency, "Commercial National Security
Algorithm Suite", August 2015,
<<a href="https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm">https://www.iad.gov/iad/programs/iad-initiatives/</a>
<a href="https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm">cnsa-suite.cfm</a>>.
[<a id="ref-RFC5289">RFC5289</a>] Rescorla, E., "TLS Elliptic Curve Cipher Suites with SHA-
256/384 and AES Galois Counter Mode (GCM)", <a href="./rfc5289">RFC 5289</a>,
DOI 10.17487/RFC5289, August 2008,
<<a href="https://www.rfc-editor.org/info/rfc5289">https://www.rfc-editor.org/info/rfc5289</a>>.
[<a id="ref-RFC6071">RFC6071</a>] Frankel, S. and S. Krishnan, "IP Security (IPsec) and
Internet Key Exchange (IKE) Document Roadmap", <a href="./rfc6071">RFC 6071</a>,
DOI 10.17487/RFC6071, February 2011,
<<a href="https://www.rfc-editor.org/info/rfc6071">https://www.rfc-editor.org/info/rfc6071</a>>.
[<a id="ref-RFC6187">RFC6187</a>] Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure
Shell Authentication", <a href="./rfc6187">RFC 6187</a>, DOI 10.17487/RFC6187,
March 2011, <<a href="https://www.rfc-editor.org/info/rfc6187">https://www.rfc-editor.org/info/rfc6187</a>>.
[<a id="ref-RFC6402">RFC6402</a>] Schaad, J., "Certificate Management over CMS (CMC)
Updates", <a href="./rfc6402">RFC 6402</a>, DOI 10.17487/RFC6402, November 2011,
<<a href="https://www.rfc-editor.org/info/rfc6402">https://www.rfc-editor.org/info/rfc6402</a>>.
[<a id="ref-RFC6605">RFC6605</a>] Hoffman, P. and W. Wijngaards, "Elliptic Curve Digital
Signature Algorithm (DSA) for DNSSEC", <a href="./rfc6605">RFC 6605</a>,
DOI 10.17487/RFC6605, April 2012,
<<a href="https://www.rfc-editor.org/info/rfc6605">https://www.rfc-editor.org/info/rfc6605</a>>.
[<a id="ref-RFC7030">RFC7030</a>] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed.,
"Enrollment over Secure Transport", <a href="./rfc7030">RFC 7030</a>,
DOI 10.17487/RFC7030, October 2013,
<<a href="https://www.rfc-editor.org/info/rfc7030">https://www.rfc-editor.org/info/rfc7030</a>>.
[<a id="ref-RFC7321">RFC7321</a>] McGrew, D. and P. Hoffman, "Cryptographic Algorithm
Implementation Requirements and Usage Guidance for
Encapsulating Security Payload (ESP) and Authentication
Header (AH)", <a href="./rfc7321">RFC 7321</a>, DOI 10.17487/RFC7321, August 2014,
<<a href="https://www.rfc-editor.org/info/rfc7321">https://www.rfc-editor.org/info/rfc7321</a>>.
<span class="grey">Housley & Zieglar Informational [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc8423">RFC 8423</a> Suite B to Historic July 2018</span>
[<a id="ref-RFC7525">RFC7525</a>] Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security
(DTLS)", <a href="https://www.rfc-editor.org/bcp/bcp195">BCP 195</a>, <a href="./rfc7525">RFC 7525</a>, DOI 10.17487/RFC7525, May
2015, <<a href="https://www.rfc-editor.org/info/rfc7525">https://www.rfc-editor.org/info/rfc7525</a>>.
[<a id="ref-RFC8253">RFC8253</a>] Lopez, D., Gonzalez de Dios, O., Wu, Q., and D. Dhody,
"PCEPS: Usage of TLS to Provide a Secure Transport for the
Path Computation Element Communication Protocol (PCEP)",
<a href="./rfc8253">RFC 8253</a>, DOI 10.17487/RFC8253, October 2017,
<<a href="https://www.rfc-editor.org/info/rfc8253">https://www.rfc-editor.org/info/rfc8253</a>>.
Authors' Addresses
Russ Housley
Vigil Security, LLC
918 Spring Knoll Drive
Herndon, VA 20170
United States of America
Email: housley@vigilsec.com
Lydia Zieglar
National Security Agency
9800 Savage Road
Ft. George G. Meade, MD 20755-6940
United States of America
Email: llziegl@nsa.gov
Housley & Zieglar Informational [Page 8]
</pre>
|
