Digital Signatures for the v1.0 Internet Open Trading Protocol (IOTP)
RFC 2802
Network Working Group                                        K. Davidson
Request for Comments: 2802                                  Differential
Category: Informational                                     Y. Kawatsura
                                                                 Hitachi
                                                              April 2000
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
A syntax and procedures are described for the computation and
verification of digital signatures for use within Version 1.0 of the
Internet Open Trading Protocol (IOTP).
Acknowledgment
This document is based on work originally done on general XML digital
signatures by:
Richard Brown of GlobeSet, Inc. <rdbrown@GlobeSet.com>
Other contributors to the design of the IOTP DSIG DTD include, in
alphabetic order:
David Burdett, Commerce One
Andrew Drapp, Hitachi
Donald Eastlake 3rd, Motorola, Inc.
Davidson & Kawatsura Informational [Page 1]
RFC 2802 Digital Signatures for IOTP April 2000
Table of Contents
1. Introduction
2. Objective and Requirements
3. Signature Basics
3.1 Signature Element
3.2 Digest Element
3.3 Originator and Recipient Information Elements
3.4 Algorithm Element
4. Detailed Signature Syntax
4.1 Uniform Resource Names
4.2 IotpSignatures
4.3 Signature Component
4.3.1 Signature
4.3.2 Manifest
4.3.3 Algorithm
4.3.4 Digest
4.3.5 Attribute
4.3.6 OriginatorInfo
4.3.7 RecipientInfo
4.3.8 KeyIdentifier
4.3.9 Parameter
4.4 Certificate Component
4.4.1 Certificate
4.4.2 IssuerAndSerialNumber
4.5 Common Components
4.5.1 Value
4.5.2 Locator
5. Supported Algorithms
5.1 Digest Algorithms
5.1.1 SHA1
5.1.2 DOM-HASH
5.2 Signature Algorithms
5.2.1 DSA
5.2.2 HMAC
5.2.3 RSA
5.2.4 ECDSA
6. Examples
7. Signature DTD
8. Security Considerations
References
Authors' Addresses
Full Copyright Statement
1. Introduction
The Internet Open Trading Protocol (IOTP) provides a payment system
independent interoperable framework for Internet commerce as
documented in [RFC 2801]. All IOTP messages are XML documents. XML,
the Extensible Markup Language [XML], is a syntactical standard
promulgated by the World Wide Web Consortium. XML is intended
primarily for structuring data exchanged and served over the World
Wide Web.
Although IOTP assumes that any payment system used with it provides
its own security, there are numerous cases where IOTP requires
authentication and integrity services for portions of the XML
messages it specifies.
2. Objective and Requirements
This document covers how digital signatures may be used with XML
documents to provide authentication and tamper-proof protocol