|
1.
|
Clear description of the referenced document:
|
|
|
|
|
2.
|
Status of approval:
|
|
|
Approved in January 2015
|
|
3.
|
Justification for the specific reference:
|
|
|
This standard is refernced in Q.Pro-Trust developed by Q2/11 in 2022.
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
Some information may be available in the NIST Patents Database that can be accessed through http://patapsco.nist.gov/ts/220/sharedpatent/index.cfm
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
This NIST document has been produced by Computer Security Division's (CSD) Security Technology Group of NIST has a subgroup that deals specifically with Cryptographic Technology Standards and Guidance (CTSG). CTSG is involved in the development, maintenance, and promotion of a number of standards and guidance that cover a wide range of cryptographic technology.
NIST held a public workshop in the fall of 2000, and a second public workshop in the summer of 2001 that both provided input into this particular document.
Currently, there are five confidentiality modes of operation that can be used with NIST's current encryption algorithms. NIST is considering developing a variety of symmetric key block cipher modes of operation for use with any current and future approved block cipher algorithms.
NIST has long term technical experience in dealing with cryptographic matters. The document has been publicly and internally reviewed before publication.
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
NIST SP 800-57-3 Rev. 1 is a finalized and approved recommendation
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
NIST is actively involved in standardization of cryptographic techniques. The crypto tools are of wide general applicability (see e.g. PKI, TLS, IPSEC key management guidelines) NIST continues its research and standardization in the area of key management. Special Publication 800-71 will specify the recommendation for key establishment using symmetric block ciphers.
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
[FIPS 140-2] /
U.S. Department of Commerce, Security Requirements for Cryptographic /
Modules, Federal Information Processing Standards (FIPS) Publication 140-2, National Institute of Standards and Technology, May 25, 2001 (including change notices as of December 3, 2002), 69 pp. http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf [accessed 12/23/14]. /
[FIPS 180-4] /
U.S. Department of Commerce, Secure Hash Standard (SHS), Federal Information Processing Standards (FIPS) Publication 180-4, National Institute of Standards and Technology, March 2012, 37 pp. /
http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf [accessed 12/23/14]. /
/
[FIPS 186-4] /
U.S. Department of Commerce, Digital Signature Standard (DSS), Federal Information Processing Standards (FIPS) Publication 186-4, National Institute of Standards and Technology, July 2013, 130 pp. http://dx.doi.org/10.6028/NIST.FIPS.186-4. /
/
[FIPS 197] /
U.S. Department of Commerce, Advanced Encryption Standard (AES), Federal Information Processing Standards (FIPS) Publication 197, National Institute of Standards and Technology, November 2001, 51 pp. /
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [accessed 12/23/14]. /
/
[FIPS 201] /
U.S. Department of Commerce, Personal Identity Verification (PIV) of Federal Employees and Contractors, Federal Information Processing Standards (FIPS) Publication 201-2, National Institute of Standards and Technology, August 2013, 87 pp. http://dx.doi.org/10.6028/NIST.FIPS.201-2. /
/
[RFC 1034] /
P. Mockapetris, Domain Names – Concepts and Facilities, Internet Engineering Task Force (IETF) RFC 1034, November 1987. /
http://www.ietf.org/rfc/rfc1034.txt [accessed 12/23/14]. /
/
[RFC 1035] /
P. Mockapetris, Domain Names – Implementation and Specification, Internet Engineering Task Force (IETF) RFC 1035, November 1987. http://www.ietf.org/rfc/rfc1035.txt [accessed 12/23/14]. /
/
[RFC 1510] /
J. Kohl and C. Neuman, The Kerberos Network Authentication Service (V5), Internet Engineering Task Force (IETF) RFC 1510, September 1993. http://www.ietf.org/rfc/rfc1510.txt [accessed 12/23/14]. /
/
[RFC 2045] /
N. Freed and N. Borenstein, Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies, Internet Engineering Task Force (IETF) RFC 2045, November 1996. /
http://www.ietf.org/rfc/rfc2045.txt [accessed 12/23/14]. /
/
[RFC 2046] /
N. Freed and N. Borenstein, Multipurpose Internet Mail Extensions (MIME) Part 2: Media Types, Internet Engineering Task Force (IETF) RFC 2046, November 1996. http://www.ietf.org/rfc/rfc2046.txt [accessed 12/23/14]. /
/
RFC 2047/
K. Moore, MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text, Internet Engineering Task Force (IETF) RFC 2047, November 1996. /
http://www.ietf.org/rfc/rfc2047.txt [accessed 12/23/14]. /
/
[RFC 2049]/
N. Freed and N. Borenstein, Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples, Internet Engineering Task Force (IETF) RFC 2049, November 1996. http://www.ietf.org/rfc/rfc2049.txt [accessed 12/23/14]. /
/
[RFC 2119] /
S. Bradner, Key words for use in RFCs to Indicate Requirement Levels, Internet Engineering Task Force (IETF) RFC 2119, March 1997. http://www.ietf.org/rfc/rfc2119.txt [accessed 12/23/14]. /
/
[RFC 2246] /
T. Dierks and C. Allen, The TLS Protocol Version 1.0, Internet Engineering Task Force (IETF) RFC 2246, January 1999 (obsoleted by RFC 4346). http://www.ietf.org/rfc/rfc2246.txt [accessed 12/23/14]. /
/
[RFC 2401] /
S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, Internet Engineering Task Force (IETF) RFC 2401, November 1998 (obsoleted by RFC 4301). http://www.ietf.org/rfc/rfc2401.txt [accessed 12/23/14]. /
/
[RFC 2402] /
S. Kent and R. Atkinson, IP Authentication Header, Internet Engineering Task Force (IETF) RFC 2402, November 1998 (obsoleted by RFC 4302 and RFC 4835). http://www.ietf.org/rfc/rfc2402.txt [accessed 12/23/14]. /
/
[RFC 2404] /
C. Madson and R. Glenn, The Use of HMAC-SHA-1-96 within ESP and AH, Internet Engineering Task Force (IETF) RFC 2404, November 1998. http://www.ietf.org/rfc/rfc2404.txt [accessed 12/23/14]. /
[RFC 2405] /
C. Madson and N. Doraswamy, The ESP DES-CBC Cipher Algorithm with Explicit IV, Internet Engineering Task Force (IETF) RFC 2405, November 1998. http://www.ietf.org/rfc/rfc2405.txt [accessed 12/23/14]. /
/
[RFC 2406] /
S. Kent and R. Atkinson, IP Encapsulating Security Payload (ESP), Internet Engineering Task Force (IETF) RFC 2406, November 1998 (obsoleted by RFC 4303 and RFC 4835). http://www.ietf.org/rfc/rfc2406.txt [accessed 12/23/14]. /
/
[RFC 2407] /
D. Piper, The Internet IP Security Domain of Interpretation for ISAKMP, Internet Engineering Task Force (IETF) RFC 2407, November 1998 (obsoleted by RFC 5996). http://www.ietf.org/rfc/rfc2407.txt [accessed 12/23/14]. /
/
[RFC 2408] /
D. Maughan, M. Schertler, M. Schneider, and J. Turner, Internet Security Association and Key Management Protocol (ISAKMP), Internet Engineering Task Force (IETF) RFC 2408, November 1998 (obsoleted by RFC 5996). http://www.ietf.org/rfc/rfc2408.txt [accessed 12/23/14]. /
/
[RFC 2409] /
D. Harkins and D. Carrel, The Internet Key Exchange (IKE), Internet Engineering Task Force (IETF) RFC 2409, November 1998 (obsoleted by RFC 5996). http://www.ietf.org/rfc/rfc2409.txt [accessed 12/23/14]. /
[RFC 2410] /
R. Glenn and S. Kent, The NULL Encryption Algorithm and its Use with IPsec, Internet Engineering Task Force (IETF) RFC 2410, November 1998. http://www.ietf.org/rfc/rfc2410.txt [accessed 12/23/14]. /
/
[RFC 2451] /
R. Pereira and R. Adams, The ESP CBC-Mode Cipher Algorithms, Internet Engineering Task Force (IETF) RFC 2451, November 1998. http://www.ietf.org/rfc/rfc2451.txt [accessed 12/23/14]. /
[RFC 2631] /
E. Rescorla, Diffie-Hellman Key Agreement Method, Internet Engineering Task Force (IETF) RFC 2631, June 1999. /
http://www.ietf.org/rfc/rfc2631.txt [accessed 12/23/14]. /
/
[RFC 2634] /
P. Hoffman (ed.), Enhanced Security Services for S/MIME, Internet Engineering Task Force (IETF) RFC 2634, June 1999. /
http://www.ietf.org/rfc/rfc2634.txt [accessed 12/23/14]. /
/
[RFC 3394] /
J. Schaad and R. Housley, Advanced Encryption Standard (AES) Key Wrap Algorithm, Internet Engineering Task Force (IETF) RFC 3394, September 2002. http://www.ietf.org/rfc/rfc3394.txt [accessed 12/23/14]. /
/
[RFC 3447] /
J. Jonsson and B. Kaliski, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, Internet Engineering Task Force (IETF) RFC 3447, February 2003. /
http://www.ietf.org/rfc/rfc3447.txt [accessed 12/23/14]. /
/
[RFC 3566] /
S. Frankel and H. Herbert, The AES-XCBC-MAC-96 Algorithm and its Use with IPsec, Internet Engineering Task Force (IETF) RFC 3566, September 2003. http://www.ietf.org/rfc/rfc3566.txt [accessed 12/23/14]. /
/
[RFC 3602] /
S. Frankel, R. Glenn and S. Kelly, The AES-CBC Cipher Algorithm and its Use with IPsec, Internet Engineering Task Force (IETF) RFC 3602, September 2003. http://www.ietf.org/rfc/rfc3602.txt [accessed 12/23/14]. /
/
[RFC 3645] /
S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead and R. Hall, Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG), Internet Engineering Task Force (IETF) RFC 3645, October 2003. http://www.ietf.org/rfc/rfc3645.txt [accessed 12/23/14]. /
/
[RFC 3686] /
R. Housley, Using Advanced Encryption Standard (AES) Counter Mode with IPsec Encapsulating Security Payload (ESP), Internet Engineering Task Force (IETF) RFC 3686, January 2004. /
http://www.ietf.org/rfc/rfc3686.txt [accessed 12/23/14]. /
/
[RFC 3962] /
K. Raeburn, Advanced Encryption Standard (AES) Encryption for Kerberos 5, Internet Engineering Task Force (IETF) RFC 3962, February 2005. http://www.ietf.org/rfc/rfc3962.txt [accessed 12/23/14]./
/
[RFC 4033]/
R. Arends, R. Austein, M. Larson, D. Massey and S. Rose, DNS Security Introduction and Requirements, Internet Engineering Task Force (IETF) RFC 4033, March 2005. http://www.ietf.org/rfc/rfc4033.txt [accessed 12/23/14]. /
/
[RFC 4034]/
R. Arends, R. Austein, M. Larson, D. Massey and S. Rose, Resource Records for the DNS Security Extensions, Internet Engineering Task Force (IETF) RFC 4034, March 2005. /
http://www.ietf.org/rfc/rfc4034.txt [accessed 12/23/14]. /
/
[RFC 4035] /
R. Arends, R. Austein, M. Larson, D. Massey and S. Rose, Protocol Modifications for the DNS Security Extensions, Internet Engineering Task Force (IETF) RFC 4035, March 2005. http://www.ietf.org/rfc/rfc4035.txt [accessed 12/23/14]. /
/
[RFC 4106] /
J. Viega and D. McGrew, The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP), Internet Engineering Task Force (IETF) RFC 4106, June 2005. /
http://www.ietf.org/rfc/rfc4106.txt [accessed 12/23/14]. /
/
[RFC 4109] /
P. Hoffman, Algorithms for Internet Key Exchange version 1 (IKEv1), Internet Engineering Task Force (IETF) RFC 4109, May 2005. http://www.ietf.org/rfc/rfc4109.txt [accessed 12/23/14]. /
/
[RFC 4120] /
C. Neuman, T. Yu, S. Hartman and K. Raeburn, The Kerberos Network /
Authentication Service (V5), Internet Engineering Task Force (IETF) RFC 4120, July 2005. /
http://www.ietf.org/rfc/rfc4120.txt [accessed 12/23/14]. /
/
[RFC 4210] /
C. Adams, S. Farrell, T. Kause and T. Mononen, Internet X.509 Public Key /
Infrastructure Certificate Management Protocol (CMP), Internet Engineering Task Force (IETF) RFC 4210, September 2005. /
http://www.ietf.org/rfc/rfc4210.txt [accessed 12/23/14]. /
/
[RFC 4251] /
T. Ylonen and C. Lonvick (ed.), The Secure Shell (SSH) Protocol Architecture, Internet Engineering Task Force (IETF) RFC 4251, January 2006. http://www.ietf.org/rfc/rfc4251.txt [accessed 12/23/14]. /
/
[RFC 4252] /
T. Ylonen and C. Lonvick (ed.), The Secure Shell (SSH) Authentication Protocol, Internet Engineering Task Force (IETF) RFC 4252, January 2006. http://www.ietf.org/rfc/rfc4252.txt [accessed 12/23/14]. /
[RFC 4253] /
T. Ylonen and C. Lonvick (ed.), The Secure Shell (SSH) Transport Layer Protocol, Internet Engineering Task Force (IETF) RFC 4253, January 2006. http://www.ietf.org/rfc/rfc4253.txt [accessed 12/23/14]. /
[RFC 4254] /
T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, Internet Engineering Task Force (IETF) RFC 4254, January 2006. http://www.ietf.org/rfc/rfc4254.txt [accessed 12/23/14]./
/
[RFC 4255]/
J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, Internet Engineering Task Force (IETF) RFC 4255, January 2006. http://www.ietf.org/rfc/rfc4255.txt [accessed 12/23/14]. /
/
[RFC 4288] /
N. Freed and J. Klensin, Media Type Specifications and Registration Procedures, Internet Engineering Task Force (IETF) RFC 4288, December 2005. http://www.ietf.org/rfc/rfc4288.txt [accessed 12/23/14]. /
/
[RFC 4289] /
N. Freed and J. Klensin, Multipurpose Internet Mail Extensions (MIME) Part /
Four: Registration Procedures, Internet Engineering Task Force (IETF) RFC 4289, December 2005. http://www.ietf.org/rfc/rfc4289.txt [accessed 12/23/14]. /
/
[RFC 4301] /
S. Kent and K. Seo, Security Architecture for the Internet Protocol, Internet Engineering Task Force (IETF) RFC 4301, December 2005. http://www.ietf.org/rfc/rfc4301.txt [accessed 12/23/14]. /
[RFC 4302] /
S. Kent, IP Authentication Header, Internet Engineering Task Force (IETF) RFC 4302, December 2005. http://www.ietf.org/rfc/rfc4302.txt [accessed 12/23/14]. /
/
[RFC 4303] /
S. Kent, IP Encapsulating Security Payload (ESP), Internet Engineering Task Force (IETF) RFC 4303, December 2005. /
http://www.ietf.org/rfc/rfc4303.txt [accessed 12/23/14]. /
/
[RFC 4307] /
J. Schiller, Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2), Internet Engineering Task Force (IETF) RFC 4307, December 2005. http://www.ietf.org/rfc/rfc4307.txt [accessed 12/23/14]. /
/
[RFC 4308] /
P. Hoffman, Cryptographic Suites for IPsec, Internet Engineering Task Force (IETF) RFC 4308, December 2005. http://www.ietf.org/rfc/rfc4308.txt [accessed 12/23/14]. /
/
[RFC 4309] /
R. Housley, Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP), Internet Engineering Task Force (IETF) RFC 4309, December 2005. /
http://www.ietf.org/rfc/rfc4309.txt [accessed 12/23/14]. /
/
[RFC 4346] /
T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.1, Internet Engineering Task Force (IETF) RFC 4346, April 2006 (obsoleted by RFC 5246). /
http://www.ietf.org/rfc/rfc4346.txt [accessed 12/23/14]. /
/
[RFC 4419] /
M. Friedl, N. Provos and W. Simpson, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol, Internet Engineering Task Force (IETF) RFC 4419, March 2006. http://www.ietf.org/rfc/rfc4419.txt [accessed 12/23/14]./
/
RFC 4434/
P. Hoffman, The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE), Internet Engineering Task Force (IETF) RFC 4434, February 2006. http://www.ietf.org/rfc/rfc4434.txt [accessed 12/23/14]. /
/
[RFC 4462]/
J. Hutzelman, J. Salowey, J. Galbraith and V. Welch, Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol, Internet Engineering Task Force (IETF) RFC 4462, May 2006. http://www.ietf.org/rfc/rfc4462.txt [accessed 12/23/14]. /
/
[RFC 4511] /
J. Sermersheim (ed.), Lightweight Directory Access Protocol (LDAP): The Protocol, Internet Engineering Task Force (IETF) RFC 4511, June 2006. http://www.ietf.org/rfc/rfc4511.txt [accessed 12/23/14]. /
/
[RFC 4512] /
K. Zeilenga, Lightweight Directory Access Protocol (LDAP): Directory Information Models, Internet Engineering Task Force (IETF) RFC 4512, June 2006. http://www.ietf.org/rfc/rfc4512.txt [accessed 12/23/14]. /
/
[RFC 4543] /
D. McGrew and J. Viega, The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH, Internet Engineering Task Force (IETF) RFC 4543, May 2006. http://www.ietf.org/rfc/rfc4543.txt [accessed 12/23/14]. /
/
[RFC 4556] /
L. Zhu and B. Tung, Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), Internet Engineering Task Force (IETF) RFC 4556, June 2006. http://www.ietf.org/rfc/rfc4556.txt [accessed 12/23/14]. /
/
[RFC 4635] /
D. Eastlake III, HMAC SHA TSIG Algorithm Identifiers, Internet Engineering Task Force (IETF) RFC 4635, August 2006. /
http://www.ietf.org/rfc/rfc4635.txt [accessed 12/23/14]. /
/
[RFC 4754] /
D. Fu and J. Solinas, IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA), Internet Engineering Task Force (IETF) RFC 4754, January 2007. /
http://www.ietf.org/rfc/rfc4754.txt [accessed 12/23/14]. /
/
[RFC 4835] /
V. Manral, Cryptographic Algorithm Implementation Requirements for /
Encapsulating Security Payload (ESP) and Authentication Header (AH), Internet Engineering Task Force (IETF) RFC 4835, April 2007. http://www.ietf.org/rfc/rfc4835.txt [accessed 12/23/14]. /
/
[RFC 4868] /
S. Kelly and S. Frankel, Using HMAC-SHA-256, HMAC-SHA-384, and HMACSHA-512 with IPsec, Internet Engineering Task Force (IETF) RFC 4868, May 2007. http://www.ietf.org/rfc/rfc4868.txt [accessed 12/23/14]./
/
RFC 5019/
A. Deacon and R. Hurst, The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments, Internet Engineering Task Force (IETF) RFC 5019, September 2007. http://www.ietf.org/rfc/rfc5019.txt [accessed 12/23/14]. /
/
[RFC 5035] /
P. Hoffman, Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility, Internet Engineering Task Force (IETF) RFC 5035, August 2007. http://www.ietf.org/rfc/rfc5035.txt [accessed 12/23/14]. /
[RFC 5114] /
M. Lepinski and S. Kent, Additional Diffie-Hellman Groups for Use with IETF Standards, Internet Engineering Task Force (IETF) RFC 5114, January 2008. http://www.ietf.org/rfc/rfc5114.txt [accessed 12/23/14]. /
/
[RFC 5155] /
B. Laurie, G. Sisson, R. Arends and D. Blacka. DNS Security (DNSSEC) Hashed Authenticated Denial of Existence, Internet Engineering Task Force (IETF) RFC 5155, March 2008. http://www.ietf.org/rfc/rfc5155.txt [accessed 12/23/14]. /
/
[RFC 5246] /
T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, Internet Engineering Task Force (IETF) RFC 5246, August 2008. /
http://www.ietf.org/rfc/rfc5246.txt [accessed 12/23/14]. /
/
[RFC 5272] /
J. Schaad and M. Myers, Certificate Management over CMS (CMC), Internet Engineering Task Force (IETF) RFC 5272, June 2008. http://www.ietf.org/rfc/rfc5272.txt [accessed 12/23/14]. /
/
[RFC 5280] /
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, Internet Engineering Task Force (IETF) RFC 5280, May 2008. http://www.ietf.org/rfc/rfc5280.txt [accessed 12/23/14]. /
/
[RFC 5349] /
L. Zhu, K. Jaganathan and K. Lauter, Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), Internet Engineering Task Force (IETF) RFC 5349, September 2009. http://www.ietf.org/rfc/rfc5349.txt [accessed 12/23/14]. /
/
[RFC 5430] /
M. Salter, E. Rescorla and R. Housley, Suite B Profile Transport Layer Security (TLS), Internet Engineering Task Force (IETF) RFC 5430, March 2009. http://www.ietf.org/rfc/rfc5430.txt [accessed 12/23/14]. /
[RFC 5647] /
K. Igoe and J. Solinas, AES Galois Counter Mode for the Secure Shell Transport Layer Protocol, Internet Engineering Task Force (IETF) RFC 5647, August, 2009. http://www.ietf.org/rfc/rfc5647.txt [accessed 12/23/14]. /
/
[RFC 5652] /
R. Housley, Cryptographic Message Syntax (CMS), Internet Engineering Task Force (IETF) RFC 5652, September 2009. http://www.ietf.org/rfc/rfc5652.txt [accessed 12/23/14]./
/
RFC 5656/
D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer, Internet Engineering Task Force (IETF) RFC 5656, December 2009. http://www.ietf.org/rfc/rfc5656.txt [accessed 12/23/14]. /
/
[RFC 5751] /
B. Ramsdell and S. Turner, Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification”, Internet Engineering Task Force (IETF) RFC 5751, January 2010. http://www.ietf.org/rfc/rfc5751.txt [accessed 12/23/14]. /
/
[RFC 5903] /
D. Fu and J. Solinas, Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2, Internet Engineering Task Force (IETF) RFC 5903, June 2010. http://www.ietf.org/rfc/rfc5903.txt [accessed 12/23/14]. /
/
[RFC 5996] /
C. Kaufman, P. Hoffman, Y. Nir and P. Eronen, Internet Key Exchange Protocol Version 2 (IKEv2), Internet Engineering Task Force (IETF) RFC 5996, September 2010. http://www.ietf.org/rfc/rfc5996.txt [accessed 12/23/14]. /
/
[RFC 6113] /
S. Hartman and L. Zhu, A Generalized Framework for Kerberos Pre-/
Authentication, Internet Engineering Task Force (IETF) RFC 6113, April 2011. http://www.ietf.org/rfc/rfc6113.txt [accessed 12/23/14]. /
/
[RFC 6187] /
K. Igoe and D. Stebila, X.509v3 Certificates for Secure Shell Authentication, Internet Engineering Task Force (IETF) RFC 6187, March 2011. http://www.ietf.org/rfc/rfc6187.txt [accessed 12/23/14]. /
/
[RFC 6239] /
K. Igoe, Suite B Cryptographic Suites for Secure Shell (SSH), Internet Engineering Task Force (IETF) RFC 6239, May 2011. /
http://www.ietf.org/rfc/rfc6239.txt [accessed 12/23/14]. /
/
[RFC 6251] /
S. Josefsson, Using Kerberos Version 5 over the Transport Layer Security (TLS) Protocol, Internet Engineering Task Force (IETF) RFC 6251, May 2011. http://www.ietf.org/rfc/rfc6251.txt [accessed 12/23/14]. /
/
[RFC 6318] /
R. Housley and J. Solinas, Suite B in Secure/Multipurpose Internet Mail Extensions (S/MIME), Internet Engineering Task Force (IETF) RFC 6318, June 2011. http://www.ietf.org/rfc/rfc6318.txt [accessed 12/23/14]. /
/
[RFC 6379] /
L. Law and J. Solinas, Suite B Cryptographic Suites for IPsec, Internet Engineering Task Force (IETF) RFC 6379, October 2011. http://www.ietf.org/rfc/rfc6379.txt [accessed 12/23/14]. /
[RFC 6605] /
P. Hoffman and W.C.A. Wijngaards, Elliptic Curve Digital Signature Algorithm (DSA) for DNNSEC, Internet Engineering Task Force (IETF) RFC 6605, April 2012. http://www.ietf.org/rfc/rfc6605.txt [accessed 12/23/14]. /
/
/
RFC 6649/
L. H. Astrand and T. Yu, Deprecate DES, RC4-HMAC-EXP, and Other Weak Cryptographic Algorithms in Kerberos, Internet Engineering Task Force (IETF) RFC 6649, July 2012. /
http://www.ietf.org/rfc/rfc6649.txt [accessed 12/23/14]. /
/
[RFC 6944] /
S. Rose, Applicability Statement: DNS Security (DNSSEC) DNSKEY Algorithm Implementation Status, Internet Engineering Task Force (IETF) RFC 6944, April 2013. http://www.ietf.org/rfc/rfc6944.txt [accessed 12/23/14]. /
/
[RFC 6960] /
S. Santesson, M. Myers, R. Ankney, A. Malpani, S. Galperin and C. Adams, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP, Internet Engineering Task Force (IETF) RFC 6960, June 2013. http://www.ietf.org/rfc/rfc6960.txt [accessed 12/23/14]. /
/
[RFC 7030] /
M. Pritikin, P. Yee and D. Harkins (eds.), Enrollment over Secure Transport, Internet Engineering Task Force (IETF) RFC 7030, October 2013. http://www.ietf.org/rfc/rfc7030.txt [accessed 12/23/14]. /
/
[RFC 7321] /
D. McGrew and P. Hoffman, Cryptographic Algorithm Implementation /
Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH), Internet Engineering Task Force (IETF) RFC 7321, August 2014. /
http://www.ietf.org/rfc/rfc7321.txt [accessed 12/23/14]. /
/
[SP 500-267] /
D. Montgomery, S. Nightingale, S. Frankel and M. Carson, A Profile for IPv6 in the U.S. Government - Version 1.0, National Institute of Standards and Technology, NIST Special Publication 500-267, July 2008, 84 pp. http://www.nist.gov/manuscript-publication-search.cfm?pub_id=900150 [accessed 12/23/14]. /
[SP 800-32] /
D. R. Kuhn, V. C. Hu, W. T. Polk and S.-j. Chang, Introduction to Public Key Technology and the Federal PKI Infrastructure, National Institute of Standards and Technology, NIST Special Publication 800-32, February 26, 2001, 54 pp. /
http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf [accessed 12/23/14]. /
/
[SP 800-38A] /
M. Dworkin, Recommendations for Block Cipher Modes of Operation: Methods and Techniques, National Institute of Standards and Technology, NIST Special Publication 800-38A 2001 Edition, December 2001, 66 pp. /
http://csrc.nist.gov/publications/nistpubs/800-32/sp800-32.pdf [accessed 12/23/14]. /
/
[SP 800-49] /
C. M. Chernick, Federal S/MIME V3 Client Profile, National Institute of Standards and Technology, NIST Special Publication 800-49, November 2002, 27 pp. http://csrc.nist.gov/publications/nistpubs/800-49/sp800-49.pdf [accessed 12/23/14]./
/
/
SP 800-52]/
T. Polk, K. McKay and S. Chokhani, Guidelines for the Selection, Configuration and Use of Transport Layer Security (TLS) Implementations, National Institute of Standards and Technology, NIST Special Publication 800-52 Revision 1, April 2014, 67 pp. http://dx.doi.org/10.6028/NIST.SP.800-52r1. /
/
[SP 800-56A] /
E. Barker, L. Chen, A. Roginsky and M. Smid, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, National Institute of Standards and Technology, NIST Special Publication 800-56A Revision 2, May 2013, 138 pp. /
http://dx.doi.org/10.6028/NIST.SP.800-56Ar2. /
/
[SP 800-56B] /
E. Barker, L. Chen and D. Moody, Recommendation for Pair-Wise Key /
Establishment Schemes Using Integer Factorization Cryptography, National Institute of Standards and Technology, NIST Special Publication 800-56B Revision 1, September 2014, 131 pp. /
http://dx.doi.org/10.6028/NIST.SP.800-56Br1. /
/
[SP 800-57 Part 1] /
E. Barker, W. Barker, W. Burr, W. Polk and M. Smid, Recommendation for Key Management – Part 1: General, National Institute of Standards and Technology, NIST Special Publication 800-57 Part 1 Revision 3, July 2012, 147 pp. http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf [accessed 12/23/14]. /
/
[SP 800-67] /
W. C. Barker and E. Barker, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, National Institute of Standards and Technology, NIST Special Publication 800-67 Revision 1, January 2012, 34 pp. http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf [accessed 12/23/14]. /
/
[SP 800-77] /
S. Frankel, K. Kent, R. Lewkowski, A. D. Orebaugh, R. W. Ritchey and S. R. Shama, Guide to IPsec VPNs, National Institute of Standards and Technology, NIST Special Publication 800-77, December 2005, 126 pp. http://csrc.nist.gov/publications/nistpubs/800-77/sp800-77.pdf [accessed 12/23/14]. /
/
[SP 800-81] /
R. Chandramouli and S. Rose, Secure Domain Name System (DNS) Deployment Guide, National Institute of Standards and Technology, NIST Special Publication 800-81-2, September 2013, 130 pp. http://dx.doi.org/10.6028/NIST.SP.800-81-2. /
/
[SP 800-89] /
E. Barker, Recommendation for Obtaining Assurances for Digital Signature Applications, National Institute of Standards and Technology, NIST Special Publication 800-89, November 2006, 38 pp. /
http://csrc.nist.gov/publications/nistpubs/800-89/SP-800-89_November2006.pdf [accessed 12/23/14]. /
[SP 800-90A] /
E. Barker and J. Kelsey, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, National Institute of Standards and /
Technology, NIST Special Publication (DRAFT) 800-90A, November 2014, 112 pp. http://csrc.nist.gov/publications/PubsSPs.html [accessed 12/23/14]./
/
/
[SP 800-90B] /
E. Barker and J. Kelsey, Recommendation for the Entropy Sources Used for Random Bit Generation, National Institute of Standards and Technology, NIST Special Publication (DRAFT) 800-90B, August 2012 [September 2013], 78 pp. http://csrc.nist.gov/publications/PubsSPs.html [accessed 12/23/14]. /
/
[SP 800-90C] /
E. Barker and J. Kelsey, Recommendation for Random Bit Generator (RBG) Constructions, National Institute of Standards and Technology, NIST Special Publication (DRAFT) 800-90C, August 2012 [September 2013], 50 pp. http://csrc.nist.gov/publications/PubsSPs.html [accessed 12/23/14]. /
/
[SP 800-118] /
K. Scarfone and M. Souppaya, Guide to Enterprise Password Management, National Institute of Standards and Technology, NIST Special Publication (DRAFT) 800-118, April 2009, 38 pp. http://csrc.nist.gov/publications/PubsSPs.html [accessed 12/23/14]. /
/
[SP 800-131A] /
E. Barker and A. Roginsky, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, National Institute of Standards and Technology, NIST Special Publication 800-131A, January 2011, 27 pp. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf [accessed 12/23/14]. /
/
[SP 800-132] /
M. S. Turan, E. Barker, W. Burr and L. Chen, Recommendation for PasswordBased Key Derivation, Part 1: Storage Applications, National Institute of /
Standards and Technology, NIST Special Publication 800-132, December 2010, 18 pp. http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf [accessed 12/23/14]. /
/
[SP 800-135] /
Q. Dang, Recommendation for Existing Application-Specific Key Derivation Functions, National Institute of Standards and Technology, NIST Special Publication 800-135 Revision 1, December 2011, 23 pp. http://csrc.nist.gov/publications/nistpubs/800-135-rev1/sp800-135-rev1.pdf [accessed 12/23/14]. /
/
|
|
9.
|
Qualification of
NIST:
|
|
|
Qualification of NIST: NIST is recognized under the provisions of ITU-T Recommendation A.5. Qualifying information is on file in TSB.
|
|
10.
|
Other (for any supplementary information):
|
|
|
None
|
|
