| rfc9921v1.txt | rfc9921.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) H. Birkholz | Internet Engineering Task Force (IETF) H. Birkholz | |||
| Request for Comments: 9921 Fraunhofer SIT | Request for Comments: 9921 Fraunhofer SIT | |||
| Category: Standards Track T. Fossati | Category: Standards Track T. Fossati | |||
| ISSN: 2070-1721 Linaro | ISSN: 2070-1721 Linaro | |||
| M. Riechert | M. Riechert | |||
| Microsoft | Microsoft | |||
| February 2026 | February 2026 | |||
| Concise Binary Object Representation (CBOR) Object Signing and | CBOR Object Signing and Encryption (COSE) Header Parameter for Timestamp | |||
| Encryption (COSE) Header Parameter for Timestamp Tokens as Defined in | Tokens as Defined in RFC 3161 | |||
| RFC 3161 | ||||
| Abstract | Abstract | |||
| This document defines two Concise Binary Object Representation (CBOR) | This document defines two CBOR Object Signing and Encryption (COSE) | |||
| Object Signing and Encryption (COSE) header parameters for | header parameters for incorporating timestamping based on RFC 3161 | |||
| incorporating timestamping based on RFC 3161 into COSE message | into COSE message structures (COSE_Sign and COSE_Sign1). This | |||
| structures (COSE_Sign and COSE_Sign1). This enables the use of | enables the use of established timestamping infrastructure per RFC | |||
| established timestamping infrastructure per RFC 3161 in COSE-based | 3161 in COSE-based protocols. | |||
| protocols. | ||||
| Status of This Memo | Status of This Memo | |||
| This is an Internet Standards Track document. | This is an Internet Standards Track document. | |||
| This document is a product of the Internet Engineering Task Force | This document is a product of the Internet Engineering Task Force | |||
| (IETF). It represents the consensus of the IETF community. It has | (IETF). It represents the consensus of the IETF community. It has | |||
| received public review and has been approved for publication by the | received public review and has been approved for publication by the | |||
| Internet Engineering Steering Group (IESG). Further information on | Internet Engineering Steering Group (IESG). Further information on | |||
| Internet Standards is available in Section 2 of RFC 7841. | Internet Standards is available in Section 2 of RFC 7841. | |||
| skipping to change at line 83 ¶ | skipping to change at line 81 ¶ | |||
| Acknowledgments | Acknowledgments | |||
| Contributors | Contributors | |||
| Authors' Addresses | Authors' Addresses | |||
| 1. Introduction | 1. Introduction | |||
| RFC 3161 [RFC3161] provides a method for timestamping a message | RFC 3161 [RFC3161] provides a method for timestamping a message | |||
| digest to prove that it was created before a given time. | digest to prove that it was created before a given time. | |||
| This document defines two new CBOR Object Signing and Encryption | This document defines two new CBOR Object Signing and Encryption | |||
| (COSE) [STD96] header parameters that carry the TimeStampToken (TST) | (COSE) [RFC9052] header parameters that carry the TimeStampToken | |||
| output [RFC3161], thus allowing existing and widely deployed trust | (TST) output [RFC3161], thus allowing existing and widely deployed | |||
| infrastructure to be used with COSE structures used for signing | trust infrastructure to be used with COSE structures used for signing | |||
| (COSE_Sign and COSE_Sign1). | (COSE_Sign and COSE_Sign1). | |||
| 1.1. Use Cases | 1.1. Use Cases | |||
| This section discusses two use cases, each representing one of the | This section discusses two use cases, each representing one of the | |||
| two modes of use defined in Section 2. As the security | two modes of use defined in Section 2. As the security | |||
| characteristics of the two cases differ, care must be taken when | characteristics of the two cases differ, care must be taken when | |||
| choosing the appropriate mode for a given application. See | choosing the appropriate mode for a given application. See | |||
| Section 5.1 for a discussion on the security of the implementations. | Section 5.1 for a discussion on the security of the implementations. | |||
| skipping to change at line 160 ¶ | skipping to change at line 158 ¶ | |||
| timestamping, motivated by the usage scenarios discussed above. | timestamping, motivated by the usage scenarios discussed above. | |||
| The diagrams in this section illustrate the processing flow of the | The diagrams in this section illustrate the processing flow of the | |||
| specified modes. For simplicity, only the COSE_Sign1 processing is | specified modes. For simplicity, only the COSE_Sign1 processing is | |||
| shown. Similar diagrams for COSE_Sign can be derived by allowing | shown. Similar diagrams for COSE_Sign can be derived by allowing | |||
| multiple private-key parallelogram boxes and replacing the label | multiple private-key parallelogram boxes and replacing the label | |||
| [signature] with [signatures]. | [signature] with [signatures]. | |||
| 2.1. COSE, then Timestamp (CTT) | 2.1. COSE, then Timestamp (CTT) | |||
| Figure 1 shows the case where the signature(s) field of the signed | Figure 1 shows the case where the signature(s) field of the COSE | |||
| COSE object is digested and submitted to a TSA to be timestamped. | signed object is digested and submitted to a TSA to be timestamped. | |||
| The obtained timestamp token is then added back as an unprotected | The obtained timestamp token is then added back as an unprotected | |||
| header into the same COSE object. | header into the same COSE object. | |||
| This mode is utilized when a record of the timing of the signature | This mode is utilized when a record of the timing of the signature | |||
| operation is desired. | operation is desired. | |||
| .--------. .-----. | .--------. .-----. | |||
| | Signer | | TSA | | | Signer | | TSA | | |||
| +--------+----------------------------------. +-----+-------------. | +--------+----------------------------------. +-----+-------------. | |||
| | .-------------. .-----------. .-------. | | .-------------. | | | .-------------. .-----------. .-------. | | .-------------. | | |||
| skipping to change at line 257 ¶ | skipping to change at line 255 ¶ | |||
| into the timestamping machinery and consequently create different | into the timestamping machinery and consequently create different | |||
| kinds of bindings between COSE and TST. To clearly separate their | kinds of bindings between COSE and TST. To clearly separate their | |||
| semantics, two different COSE header parameters are defined as | semantics, two different COSE header parameters are defined as | |||
| described in the following subsections. | described in the following subsections. | |||
| 3.1. 3161-ctt | 3.1. 3161-ctt | |||
| The 3161-ctt COSE _unprotected_ header parameter MUST be used for the | The 3161-ctt COSE _unprotected_ header parameter MUST be used for the | |||
| mode described in Section 2.1. | mode described in Section 2.1. | |||
| The 3161-ctt unprotected header parameter contains a DER-encoded | The 3161-ctt unprotected header parameter contains a DER-encoded TST | |||
| TimeStampToken [RFC3161] wrapped in a CBOR byte string (Major type | [RFC3161] wrapped in a CBOR byte string (Major type 2). | |||
| 2). | ||||
| The MessageImprint sent in the request to the TSA MUST be | The MessageImprint sent in the request to the TSA MUST be | |||
| * the hash of the CBOR-encoded signature field of the COSE_Sign1 | * the hash of the CBOR-encoded signature field of the COSE_Sign1 | |||
| message, or | message, or | |||
| * the hash of the CBOR-encoded signatures field of the COSE_Sign | * the hash of the CBOR-encoded signatures field of the COSE_Sign | |||
| message. | message. | |||
| In either case, to minimize dependencies, the hash algorithm SHOULD | In either case, to minimize dependencies, the hash algorithm SHOULD | |||
| skipping to change at line 385 ¶ | skipping to change at line 382 ¶ | |||
| OCTET STRING | OCTET STRING | |||
| 80 3F AD A2 91 2D 6B 7A 83 3A 27 BD 96 1C C0 5B | 80 3F AD A2 91 2D 6B 7A 83 3A 27 BD 96 1C C0 5B | |||
| C1 CC 16 47 59 B1 C5 6F 7A A7 71 E4 E2 15 26 F7 | C1 CC 16 47 59 B1 C5 6F 7A A7 71 E4 E2 15 26 F7 | |||
| } | } | |||
| 3.2. 3161-ttc | 3.2. 3161-ttc | |||
| The 3161-ttc COSE _protected_ header parameter MUST be used for the | The 3161-ttc COSE _protected_ header parameter MUST be used for the | |||
| mode described in Section 2.2. | mode described in Section 2.2. | |||
| The 3161-ttc protected header parameter contains a DER-encoded | The 3161-ttc protected header parameter contains a DER-encoded TST | |||
| TimeStampToken [RFC3161] wrapped in a CBOR byte string (Major type | [RFC3161] wrapped in a CBOR byte string (Major type 2). | |||
| 2). | ||||
| The MessageImprint sent to the TSA (Section 2.4 of [RFC3161]) MUST be | The MessageImprint sent to the TSA (Section 2.4 of [RFC3161]) MUST be | |||
| the hash of the payload of the COSE signed object. This does not | the hash of the payload of the COSE signed object. This does not | |||
| include the bstr wrapping -- only the payload bytes. (For an | include the bstr wrapping -- only the payload bytes. (For an | |||
| example, see Appendix A.1.) | example, see Appendix A.1.) | |||
| To minimize dependencies, the hash algorithm used for signing the | To minimize dependencies, the hash algorithm used for signing the | |||
| COSE message SHOULD be the same as the algorithm used in the | COSE message SHOULD be the same as the algorithm used in the | |||
| MessageImprint [RFC3161]. However, this may not be possible if the | MessageImprint [RFC3161]. However, this may not be possible if the | |||
| timestamp requester and the COSE message signer are different | timestamp requester and the COSE message signer are different | |||
| entities. | entities. | |||
| 4. Timestamp Processing | 4. Timestamp Processing | |||
| Timestamp tokens [RFC3161] use Cryptographic Message Syntax (CMS) as | Timestamp tokens [RFC3161] use Cryptographic Message Syntax (CMS) as | |||
| the signature envelope format. [STD70] provides details about | the signature envelope format. [RFC5652] provides details about | |||
| signature verification, and [RFC3161] provides details specific to | signature verification, and [RFC3161] provides details specific to | |||
| timestamp token validation. The payload of the signed timestamp | timestamp token validation. The payload of the signed timestamp | |||
| token is the TSTInfo structure defined in [RFC3161], which contains | token is the TSTInfo structure defined in [RFC3161], which contains | |||
| the MessageImprint that was sent to the TSA. The hash algorithm is | the MessageImprint that was sent to the TSA. The hash algorithm is | |||
| contained in the MessageImprint structure, together with the hash | contained in the MessageImprint structure, together with the hash | |||
| itself. | itself. | |||
| As part of the signature verification, the receiver MUST make sure | As part of the signature verification, the receiver MUST make sure | |||
| that the MessageImprint in the embedded timestamp token matches a | that the MessageImprint in the embedded timestamp token matches a | |||
| hash of either the payload, signature, or signature fields, depending | hash of either the payload, signature, or signature fields, depending | |||
| skipping to change at line 425 ¶ | skipping to change at line 421 ¶ | |||
| Appendix B of [RFC3161] provides an example that illustrates how | Appendix B of [RFC3161] provides an example that illustrates how | |||
| timestamp tokens can be used to verify signatures of a timestamped | timestamp tokens can be used to verify signatures of a timestamped | |||
| message when utilizing X.509 certificates. | message when utilizing X.509 certificates. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| Please review the Security Considerations section in [RFC3161]; these | Please review the Security Considerations section in [RFC3161]; these | |||
| considerations apply to this document as well. | considerations apply to this document as well. | |||
| Also review the Security Considerations section in [STD96]. These | Also review the Security Considerations section in [RFC9052]. These | |||
| considerations apply to this document as well, particularly with | considerations apply to this document as well, particularly with | |||
| regard to the need for implementations to protect private key | regard to the need for implementations to protect private key | |||
| material. Additionally, solutions based on the COSE header | material. Additionally, solutions based on the COSE header | |||
| parameters defined in this document must be able to report | parameters defined in this document must be able to report | |||
| compromised keys promptly. | compromised keys promptly. | |||
| The following scenario assumes that an attacker can manipulate the | The following scenario assumes that an attacker can manipulate the | |||
| clocks on the COSE signer and its relying parties, but not the TSA. | clocks on the COSE signer and its relying parties, but not the TSA. | |||
| It is also assumed that the TSA is a trusted third party, so the | It is also assumed that the TSA is a trusted third party, so the | |||
| attacker cannot impersonate the TSA and create valid timestamp | attacker cannot impersonate the TSA and create valid timestamp | |||
| tokens. In such a setting, any tampering with the COSE signer's | tokens. In such a setting, any tampering with the COSE signer's | |||
| clock does not have an impact, because once the timestamp is obtained | clock does not have an impact, because once the timestamp is obtained | |||
| from the TSA, it becomes the only reliable source of time. However, | from the TSA, it becomes the only reliable source of time. However, | |||
| in both CTT mode and TTC mode, a denial of service can occur if the | in both CTT mode and TTC mode, a denial of service can occur if the | |||
| attacker can adjust the relying party's clock so that the CMS | attacker can adjust the relying party's clock so that the CMS | |||
| validation fails. This could disrupt the timestamp validation. | validation fails. This could disrupt the timestamp validation. | |||
| In CTT mode, an attacker could manipulate the unprotected header by | In CTT mode, an attacker could manipulate the unprotected header by | |||
| removing or replacing the timestamp. To avoid that, the signed COSE | removing or replacing the timestamp. To avoid that, the COSE signed | |||
| object should be integrity protected during transit and at rest. | object should be integrity protected during transit and at rest. | |||
| In TTC mode, the TSA is given an opaque identifier (a cryptographic | In TTC mode, the TSA is given an opaque identifier (a cryptographic | |||
| hash value) for the payload. While this means that the content of | hash value) for the payload. While this means that the content of | |||
| the payload is not directly revealed, to prevent comparison with | the payload is not directly revealed, to prevent comparison with | |||
| known payloads or disclosure of identical payloads being used over | known payloads or disclosure of identical payloads being used over | |||
| time, the payload would need to be armored, e.g., with a nonce that | time, the payload would need to be armored, e.g., with a nonce that | |||
| is shared with the recipient of the header parameter but not the TSA. | is shared with the recipient of the header parameter but not the TSA. | |||
| Such a mechanism can be employed inside the parameters described in | Such a mechanism is out of scope for this document. | |||
| this specification but is out of scope for this document. | ||||
| The resolution, accuracy, and precision of the TSA clock, as well as | The resolution, accuracy, and precision of the TSA clock, as well as | |||
| the expected latency introduced by round trips to and from the TSA, | the expected latency introduced by round trips to and from the TSA, | |||
| must be taken into account when implementing solutions based on the | must be taken into account when implementing solutions based on the | |||
| COSE header parameters defined in this document. | COSE header parameters defined in this document. | |||
| 5.1. Avoiding Semantic Confusion | 5.1. Avoiding Semantic Confusion | |||
| CTT mode and TTC mode have different semantic meanings. An | CTT mode and TTC mode have different semantic meanings. An | |||
| implementation must ensure that the contents of the CTT and TTC | implementation must ensure that the contents of the CTT and TTC | |||
| skipping to change at line 522 ¶ | skipping to change at line 517 ¶ | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, | [RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, | |||
| "Internet X.509 Public Key Infrastructure Time-Stamp | "Internet X.509 Public Key Infrastructure Time-Stamp | |||
| Protocol (TSP)", RFC 3161, DOI 10.17487/RFC3161, August | Protocol (TSP)", RFC 3161, DOI 10.17487/RFC3161, August | |||
| 2001, <https://www.rfc-editor.org/info/rfc3161>. | 2001, <https://www.rfc-editor.org/info/rfc3161>. | |||
| [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, | ||||
| RFC 5652, DOI 10.17487/RFC5652, September 2009, | ||||
| <https://www.rfc-editor.org/info/rfc5652>. | ||||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [STD70] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, | [RFC9052] Schaad, J., "CBOR Object Signing and Encryption (COSE): | |||
| RFC 5652, DOI 10.17487/RFC5652, September 2009, | ||||
| <https://www.rfc-editor.org/info/rfc5652>. | ||||
| [STD96] Schaad, J., "CBOR Object Signing and Encryption (COSE): | ||||
| Structures and Process", STD 96, RFC 9052, | Structures and Process", STD 96, RFC 9052, | |||
| DOI 10.17487/RFC9052, August 2022, | DOI 10.17487/RFC9052, August 2022, | |||
| <https://www.rfc-editor.org/info/rfc9052>. | <https://www.rfc-editor.org/info/rfc9052>. | |||
| Appendix A. Examples | Appendix A. Examples | |||
| A.1. TTC | A.1. TTC | |||
| The payload | The payload | |||
| skipping to change at line 561 ¶ | skipping to change at line 556 ¶ | |||
| } | } | |||
| OCTET STRING | OCTET STRING | |||
| 09 E6 38 D4 AA 95 FD 72 71 86 62 03 59 53 03 BC | 09 E6 38 D4 AA 95 FD 72 71 86 62 03 59 53 03 BC | |||
| E2 32 F4 62 A9 4D 38 E3 93 77 3C D3 AA E3 F6 B0 | E2 32 F4 62 A9 4D 38 E3 93 77 3C D3 AA E3 F6 B0 | |||
| } | } | |||
| BOOLEAN TRUE | BOOLEAN TRUE | |||
| } | } | |||
| which is sent to the TSA. | which is sent to the TSA. | |||
| A TimeStampResp containing the following TimeStampToken is returned: | A TimeStampResp containing the following TST is returned: | |||
| SEQUENCE { | SEQUENCE { | |||
| OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) | OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) | |||
| [0] { | [0] { | |||
| SEQUENCE { | SEQUENCE { | |||
| INTEGER 3 | INTEGER 3 | |||
| SET { | SET { | |||
| SEQUENCE { | SEQUENCE { | |||
| OBJECT IDENTIFIER sha-512 (2 16 840 1 101 3 4 2 3) | OBJECT IDENTIFIER sha-512 (2 16 840 1 101 3 4 2 3) | |||
| NULL | NULL | |||
| skipping to change at line 595 ¶ | skipping to change at line 590 ¶ | |||
| } | } | |||
| OCTET STRING | OCTET STRING | |||
| 09 E6 38 D4 AA 95 FD 72 71 86 62 03 59 53 03 BC | 09 E6 38 D4 AA 95 FD 72 71 86 62 03 59 53 03 BC | |||
| E2 32 F4 62 A9 4D 38 E3 93 77 3C D3 AA E3 F6 B0 | E2 32 F4 62 A9 4D 38 E3 93 77 3C D3 AA E3 F6 B0 | |||
| } | } | |||
| INTEGER 12096870 | INTEGER 12096870 | |||
| GeneralizedTime 29/08/2025 07:45:46 GMT | GeneralizedTime 29/08/2025 07:45:46 GMT | |||
| BOOLEAN TRUE | BOOLEAN TRUE | |||
| [...] | [...] | |||
| The contents of the TimeStampToken are bstr-wrapped and added to the | The contents of the TST are bstr-wrapped and added to the protected | |||
| protected headers bucket, which is then signed alongside the original | headers bucket, which is then signed alongside the original payload | |||
| payload to obtain the COSE_Sign1 object. | to obtain the COSE_Sign1 object. | |||
| 18([ | 18([ | |||
| <<{1: -7, 269: h'3082154906092a864886f70d010702a082153a308215 | <<{1: -7, 269: h'3082154906092a864886f70d010702a082153a308215 | |||
| 36020103310f300d0609608648016503040203050030820184060b2a864886f70d010 | 36020103310f300d0609608648016503040203050030820184060b2a864886f70d010 | |||
| 9100104a08201730482016f3082016b02010106042a0304013031300d060960864801 | 9100104a08201730482016f3082016b02010106042a0304013031300d060960864801 | |||
| 65030402010500042009e638d4aa95fd7271866203595303bce232f462a94d38e3937 | 65030402010500042009e638d4aa95fd7271866203595303bce232f462a94d38e3937 | |||
| 73cd3aae3f6b0020400b89566180f32303235303832393037343534365a0101ffa082 | 73cd3aae3f6b0020400b89566180f32303235303832393037343534365a0101ffa082 | |||
| 0111a482010d308201093111300f060355040a13084672656520545341310c300a060 | 0111a482010d308201093111300f060355040a13084672656520545341310c300a060 | |||
| 355040b130354534131763074060355040d136d546869732063657274696669636174 | 355040b130354534131763074060355040d136d546869732063657274696669636174 | |||
| 65206469676974616c6c79207369676e7320646f63756d656e747320616e642074696 | 65206469676974616c6c79207369676e7320646f63756d656e747320616e642074696 | |||
| skipping to change at line 804 ¶ | skipping to change at line 799 ¶ | |||
| } | } | |||
| OCTET STRING | OCTET STRING | |||
| DD 94 71 EF E7 43 C4 05 13 35 DF 8F 6D 28 82 F3 | DD 94 71 EF E7 43 C4 05 13 35 DF 8F 6D 28 82 F3 | |||
| BA DC 38 77 00 F7 ED 3F 70 91 67 2A 3E EA F7 C8 | BA DC 38 77 00 F7 ED 3F 70 91 67 2A 3E EA F7 C8 | |||
| } | } | |||
| BOOLEAN TRUE | BOOLEAN TRUE | |||
| } | } | |||
| which is sent to the TSA. | which is sent to the TSA. | |||
| A TimeStampResp containing the following TimeStampToken is returned: | A TimeStampResp containing the following TST is returned: | |||
| SEQUENCE { | SEQUENCE { | |||
| OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) | OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) | |||
| [0] { | [0] { | |||
| SEQUENCE { | SEQUENCE { | |||
| INTEGER 3 | INTEGER 3 | |||
| SET { | SET { | |||
| SEQUENCE { | SEQUENCE { | |||
| OBJECT IDENTIFIER sha-512 (2 16 840 1 101 3 4 2 3) | OBJECT IDENTIFIER sha-512 (2 16 840 1 101 3 4 2 3) | |||
| NULL | NULL | |||
| skipping to change at line 838 ¶ | skipping to change at line 833 ¶ | |||
| } | } | |||
| OCTET STRING | OCTET STRING | |||
| DD 94 71 EF E7 43 C4 05 13 35 DF 8F 6D 28 82 F3 | DD 94 71 EF E7 43 C4 05 13 35 DF 8F 6D 28 82 F3 | |||
| BA DC 38 77 00 F7 ED 3F 70 91 67 2A 3E EA F7 C8 | BA DC 38 77 00 F7 ED 3F 70 91 67 2A 3E EA F7 C8 | |||
| } | } | |||
| INTEGER 12100074 | INTEGER 12100074 | |||
| GeneralizedTime 29/08/2025 07:53:00 GMT | GeneralizedTime 29/08/2025 07:53:00 GMT | |||
| BOOLEAN TRUE | BOOLEAN TRUE | |||
| [...] | [...] | |||
| The contents of the TimeStampToken are bstr-wrapped and added to the | The contents of the TST are bstr-wrapped and added to the unprotected | |||
| unprotected headers bucket in the original COSE_Sign1 object to | headers bucket in the original COSE_Sign1 object to obtain the | |||
| obtain the following: | following: | |||
| 18( | 18( | |||
| [ | [ | |||
| / protected h'a10126' / << { | / protected h'a10126' / << { | |||
| / alg / 1:-7 / ECDSA 256 / | / alg / 1:-7 / ECDSA 256 / | |||
| } >>, | } >>, | |||
| / unprotected / { | / unprotected / { | |||
| / 3161-ctt / 270 : h'3082154906092a864886f70d010702a082153a3082 | / 3161-ctt / 270 : h'3082154906092a864886f70d010702a082153a3082 | |||
| 1536020103310f300d0609608648016503040203050030820184060b2a864886f70d0 | 1536020103310f300d0609608648016503040203050030820184060b2a864886f70d0 | |||
| 109100104a08201730482016f3082016b02010106042a0304013031300d0609608648 | 109100104a08201730482016f3082016b02010106042a0304013031300d0609608648 | |||
| End of changes. 16 change blocks. | ||||
| 38 lines changed or deleted | 33 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||