--- 1/draft-ietf-sidr-rpki-algs-04.txt	2011-04-13 16:16:30.000000000 +0200
+++ 2/draft-ietf-sidr-rpki-algs-05.txt	2011-04-13 16:16:30.000000000 +0200
@@ -1,19 +1,19 @@
 
 SIDR                                                           G. Huston
 Internet-Draft                                                     APNIC
-Intended status: Standards Track                        November 9, 2010
-Expires: May 13, 2011
+Intended status: Standards Track                          April 13, 2011
+Expires: October 15, 2011
 
- A Profile for Algorithms and Key Sizes for use in the Resource Public
+The Profile for Algorithms and Key Sizes for use in the Resource Public
                            Key Infrastructure
-                    draft-ietf-sidr-rpki-algs-04.txt
+                    draft-ietf-sidr-rpki-algs-05.txt
 
 Abstract
 
    This document specifies the algorithms, algorithms' parameters,
    asymmetric key formats, asymmetric key size and signature format for
    the Resource Public Key Infrastructure subscribers that generate
    digital signatures on certificates, Certificate Revocation Lists, and
    signed objects as well as for the Relying Parties (RPs) that verify
    these digital signatures.
 
@@ -25,25 +25,25 @@
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF).  Note that other groups may also distribute
    working documents as Internet-Drafts.  The list of current Internet-
    Drafts is at http://datatracker.ietf.org/drafts/current/.
 
    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on May 13, 2011.
+   This Internet-Draft will expire on October 15, 2011.
 
 Copyright Notice
 
-   Copyright (c) 2010 IETF Trust and the persons identified as the
+   Copyright (c) 2011 IETF Trust and the persons identified as the
    document authors.  All rights reserved.
 
    This document is subject to BCP 78 and the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info) in effect on the date of
    publication of this document.  Please review these documents
    carefully, as they describe your rights and restrictions with respect
    to this document.  Code Components extracted from this document must
    include Simplified BSD License text as described in Section 4.e of
    the Trust Legal Provisions and are provided without warranty as
@@ -102,24 +102,28 @@
          identifiers [ID.ietf-sidr-res-certs].
 
    When used to generate and verify digital signatures the hash and
    digital signature algorithms are referred together, i.e., "RSA PKCS#1
    v1.5 with SHA-256" or more simply "RSA with SHA-256".  The Object
    Identifier (OID) sha256withRSAEncryption from [RFC4055] MUST be used.
 
    Locations for this OID are as follows:
 
       In the certificate, the OID appears in the signature and
-      signatureAlgorithm fields [RFC4055];- In the CRL, the OID appears
-      in the signatureAlgorithm field [RFC4055]; and,- In CMS
-      SignedData, the OID appears in each SignerInfo signatureAlgoithm
-      field [RFC3370] using the OID from above.
+      signatureAlgorithm fields [RFC4055];
+      In the CRL, the OID appears in the signatureAlgorithm field
+      [RFC4055];
+      In CMS SignedData, the OID appears in each SignerInfo
+      signatureAlgoithm field [RFC3370] using the OID from above; and,
+      In a certification request, the OID appears in the PKCS #10
+      signatureAlgorithm field [RFC2986], or in the Certificate Request
+      Message Format (CRMF) POPOSigningKey signature field [RFC4211].
 
 3.  Asymmetric Key Pair Formats
 
    The RSA key pairs used to compute the signatures MUST have a 2048-bit
    modulus and a public exponent (e) of 65,537.
 
 3.1.  Public Key Format
 
    The Subject's public key is included in subjectPublicKeyInfo
    [RFC5280].  It has two sub-fields: algorithm and subjectPublicKey.
@@ -145,21 +149,21 @@
    in Section 1.2 of [RFC4055].  The structure for the Cryptographic
    Message Syntax (CMS) SignedData's signature field is as specified in
    [RFC3370].
 
 5.  Additional Requirements
 
    It is anticipated that the RPKI will require the adoption of updated
    key sizes and a different set of signature and hash algorithms over
    time, in order to maintain an acceptable level of cryptographic
    security to protect the integrity of signed products in the RPKI.
-   This profile should be updated to specify such future requirements,
+   This profile should be relaced to specify such future requirements,
    as and when appropriate.
 
    CAs and RPs SHOULD be capable of supporting a transition to allow for
    the phased introduction of additional encryption algorithms and key
    specifications, and also accommodate the orderly deprecation of
    previously specified algorithms and keys.  Accordingly, CAs and RPs
    SHOULD be capable of supporting multiple RPKI algorithm and key
    profiles simultaneously within the scope of such anticipated
    transitions.  The recommended procedures to implement such a
    transition of key sizes and algorithms is not specified in this
@@ -204,29 +208,37 @@
               Husotn, G., Michaelson, G., and R. Loomans, "A Profile for
               X.509 PKIX Resource Certificates",
               draft-ietf-sidr-res-certs (work in progress), May 2008.
 
    [ID.ietf-sidr-signed-object]
               Lepinski, M., Chi, A., and S. Kent, "Signed Object
               Template for the Resource Public Key Infrastructure",
               draft-ietf-sidr-signed-object-01.txt (work in progress),
               October 2010.
 
+   [RFC2986]  Nystrom, M. and B. Kaliski, "PKCS #10: Certification
+              Request Syntax Specification Version 1.7", RFC 2986,
+              November 2000.
+
    [RFC3370]  Housley, R., "Cryptographic Message Syntax (CMS)
               Algorithms", RFC 3370, August 2002.
 
    [RFC4055]  Schaad, J., Kaliski, B., and R. Housley, "Additional
               Algorithms and Identifiers for RSA Cryptography for use in
               the Internet X.509 Public Key Infrastructure Certificate
               and Certificate Revocation List (CRL) Profile", RFC 4055,
               June 2005.
 
+   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
+              Certificate Request Message Format (CRMF)", RFC 4211,
+              September 2005.
+
    [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
               Housley, R., and W. Polk, "Internet X.509 Public Key
               Infrastructure Certificate and Certificate Revocation List
               (CRL) Profile", RFC 5280, May 2008.
 
    [RFC5754]  Turner, S., "Using SHA2 Algorithms with Cryptographic
               Message Syntax", RFC 5754, January 2010.
 
    [SHS]      National Institute of Standards and Technology (NIST),
               "FIPS Publication 180-3: Secure Hash Standard", FIPS