| rfc8959.original.xml | rfc8959.form.xml | |||
|---|---|---|---|---|
| <?xml version='1.0' encoding='utf-8'?> | <?xml version="1.0" encoding="UTF-8"?> | |||
| <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> | ||||
| <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.3.3 --> | ||||
| <!DOCTYPE rfc SYSTEM "../Tools/rfcbootstrap/rfc2629-xhtml.ent"> | <!DOCTYPE rfc SYSTEM "../Tools/rfcbootstrap/rfc2629-xhtml.ent"> | |||
| <?rfc toc="yes"?> | ||||
| <?rfc tocindent="yes"?> | <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | |||
| <?rfc sortrefs="yes"?> | -nottingham-how-did-that-get-into-the-repo-02" number="0000" obsoletes="" update | |||
| <?rfc symrefs="yes"?> | s="" submissionType="IETF" category="info" consensus="true" xml:lang="en" tocInc | |||
| <?rfc strict="yes"?> | lude="true" sortRefs="true" symRefs="true" version="3"> | |||
| <?rfc compact="yes"?> | ||||
| <?rfc comments="yes"?> | ||||
| <?rfc inline="yes"?> | ||||
| <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft | ||||
| -nottingham-how-did-that-get-into-the-repo-02" category="info" obsoletes="" upda | ||||
| tes="" submissionType="IETF" xml:lang="en" tocInclude="true" sortRefs="true" sym | ||||
| Refs="true" version="3"> | ||||
| <!-- xml2rfc v2v3 conversion 3.2.1 --> | <!-- xml2rfc v2v3 conversion 3.2.1 --> | |||
| <front> | <front> | |||
| <title>The secret-token URI Scheme</title> | <title>The secret-token URI Scheme</title> | |||
| <seriesInfo name="Internet-Draft" value="draft-nottingham-how-did-that-get-i nto-the-repo-02"/> | <seriesInfo name="RFC" value="0000"/> | |||
| <author initials="M." surname="Nottingham" fullname="Mark Nottingham"> | <author initials="M." surname="Nottingham" fullname="Mark Nottingham"> | |||
| <organization/> | <organization/> | |||
| <address> | <address> | |||
| <postal> | <postal> | |||
| <city>Prahran</city> | <city>Prahran</city> | |||
| <region>VIC</region> | <region>VIC</region> | |||
| <country>Australia</country> | <country>Australia</country> | |||
| </postal> | </postal> | |||
| <email>mnot@mnot.net</email> | <email>mnot@mnot.net</email> | |||
| <uri>https://www.mnot.net/</uri> | <uri>https://www.mnot.net/</uri> | |||
| </address> | </address> | |||
| </author> | </author> | |||
| <date year="2020"/> | <date year="2020" month="October" /> | |||
| <area>General</area> | <area>General</area> | |||
| <keyword>Internet-Draft</keyword> | ||||
| <!-- [rfced] Please insert any keywords (beyond those that appear in the title) | ||||
| for use on https://www.rfc-editor.org/search. --> | ||||
| <keyword>example</keyword> | ||||
| <abstract> | <abstract> | |||
| <t>This document registers the "secret-token" URI scheme, to aid in the id entification | <t>This document registers the "secret-token" URI scheme, to aid in the id entification | |||
| of authentication tokens.</t> | of authentication tokens.</t> | |||
| </abstract> | </abstract> | |||
| <note> | <note> | |||
| <name>Note to Readers</name> | <name>Note to Readers</name> | |||
| <t><em>RFC EDITOR: please remove this section before publication</em></t> | <t><em>RFC EDITOR: please remove this section before publication</em></t> | |||
| <t>The issues list for this draft can be found at <eref target="https://gi thub.com/mnot/I-D/labels/how-did-that-get-into-the-repo">https://github.com/mnot /I-D/labels/how-did-that-get-into-the-repo</eref>.</t> | <t>The issues list for this draft can be found at <eref target="https://gi thub.com/mnot/I-D/labels/how-did-that-get-into-the-repo">https://github.com/mnot /I-D/labels/how-did-that-get-into-the-repo</eref>.</t> | |||
| <t>The most recent (often, unpublished) draft is at <eref target="https:// mnot.github.io/I-D/how-did-that-get-into-the-repo/">https://mnot.github.io/I-D/h ow-did-that-get-into-the-repo/</eref>.</t> | <t>The most recent (often, unpublished) draft is at <eref target="https:// mnot.github.io/I-D/how-did-that-get-into-the-repo/">https://mnot.github.io/I-D/h ow-did-that-get-into-the-repo/</eref>.</t> | |||
| <t>Recent changes are listed at <eref target="https://github.com/mnot/I-D/ commits/gh-pages/how-did-that-get-into-the-repo">https://github.com/mnot/I-D/com mits/gh-pages/how-did-that-get-into-the-repo</eref>.</t> | <t>Recent changes are listed at <eref target="https://github.com/mnot/I-D/ commits/gh-pages/how-did-that-get-into-the-repo">https://github.com/mnot/I-D/com mits/gh-pages/how-did-that-get-into-the-repo</eref>.</t> | |||
| skipping to change at line 62 ¶ | skipping to change at line 59 ¶ | |||
| <t>A bearer token is a security token with the property that any party in possession of the token (a | <t>A bearer token is a security token with the property that any party in possession of the token (a | |||
| "bearer") can use the token in any way that any other party in possession of it can. Using a bearer | "bearer") can use the token in any way that any other party in possession of it can. Using a bearer | |||
| token does not require a bearer to prove possession of cryptographic key materia l | token does not require a bearer to prove possession of cryptographic key materia l | |||
| (proof-of-possession).</t> | (proof-of-possession).</t> | |||
| <t>Unfortunately, the number of security incidents involving accidental di sclosure of these tokens has also increased. For example, we now regularly hear about a developer committing an access token to a public source code repository, either because they didn't realise it was included in the committed code, or be cause they didn't realise the implications of its disclosure.</t> | <t>Unfortunately, the number of security incidents involving accidental di sclosure of these tokens has also increased. For example, we now regularly hear about a developer committing an access token to a public source code repository, either because they didn't realise it was included in the committed code, or be cause they didn't realise the implications of its disclosure.</t> | |||
| <t>This specification registers the "secret-token" URI scheme to aid preve ntion of such accidental disclosures. When tokens are easier to unambiguously id entify, they can trigger warnings in Continuous Integration systems, or be used in source code repositories themselves. They can also be scanned for separately. </t> | <t>This specification registers the "secret-token" URI scheme to aid preve ntion of such accidental disclosures. When tokens are easier to unambiguously id entify, they can trigger warnings in Continuous Integration systems, or be used in source code repositories themselves. They can also be scanned for separately. </t> | |||
| <t>For example, if cloud.example.net issues access tokens to its clients f or later use, and it does so by formatting them as secret-token URIs, tokens tha t "leak" into places that they don't belong are easier to identify. This could b e through a variety of mechanisms; for example, if repo.example.com can be confi gured to refuse commits containing secret-token URIs, it helps its customers avo id accidental disclosures.</t> | <t>For example, if cloud.example.net issues access tokens to its clients f or later use, and it does so by formatting them as secret-token URIs, tokens tha t "leak" into places that they don't belong are easier to identify. This could b e through a variety of mechanisms; for example, if repo.example.com can be confi gured to refuse commits containing secret-token URIs, it helps its customers avo id accidental disclosures.</t> | |||
| <t>secret-token URIs are intended to aid in identification of generated se crets like API keys and similar tokens. They are not intended for use in control led situations where ephemeral tokens are used, such as things like Cross-Site R equest Forgery (CSRF) tokens.</t> | <t>secret-token URIs are intended to aid in identification of generated se crets like API keys and similar tokens. They are not intended for use in control led situations where ephemeral tokens are used, such as things like Cross-Site R equest Forgery (CSRF) tokens.</t> | |||
| <section anchor="notational-conventions" numbered="true" toc="default"> | <section anchor="notational-conventions" numbered="true" toc="default"> | |||
| <name>Notational Conventions</name> | <name>Notational Conventions</name> | |||
| <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", " | <t> | |||
| SHOULD", "SHOULD NOT", | The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU | |||
| "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to | IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL | |||
| be interpreted as | NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14> | |||
| described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8 | RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", | |||
| 174" format="default"/> when, and only when, they appear in all capitals, as | "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to | |||
| shown here.</t> | be interpreted as | |||
| described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> | ||||
| when, and only when, they appear in all capitals, as shown here. | ||||
| </t> | ||||
| <t>This document uses ABNF <xref target="RFC5234" format="default"/>. It also uses the pchar rule from <xref target="RFC3986" format="default"/>.</t> | <t>This document uses ABNF <xref target="RFC5234" format="default"/>. It also uses the pchar rule from <xref target="RFC3986" format="default"/>.</t> | |||
| </section> | </section> | |||
| </section> | </section> | |||
| <section anchor="the-secret-token-uri-scheme" numbered="true" toc="default"> | <section anchor="the-secret-token-uri-scheme" numbered="true" toc="default"> | |||
| <name>The secret-token URI scheme</name> | <name>The secret-token URI scheme</name> | |||
| <t>The secret-token URI scheme identifies a token that is intended to be a secret.</t> | <t>The secret-token URI scheme identifies a token that is intended to be a secret.</t> | |||
| <artwork type="abnf" name="" align="left" alt=""><![CDATA[ | <sourcecode type=""><![CDATA[ | |||
| secret-token-URI = secret-token-scheme ":" token | secret-token-URI = secret-token-scheme ":" token | |||
| secret-token-scheme = "secret-token" | secret-token-scheme = "secret-token" | |||
| token = 1*pchar | token = 1*pchar | |||
| ]]></artwork> | ]]></sourcecode> | |||
| <t>See <xref target="RFC3986" format="default"/>, Section 3.3 for a defini | <t>See <xref target="RFC3986" sectionFormat="comma" section="3.3"/> for a | |||
| tion of pchar. Disallowed characters - including non-ASCII characters - MUST be | definition of pchar. Disallowed characters - including non-ASCII characters - <b | |||
| encoded into UTF-8 <xref target="RFC3629" format="default"/> and then percent-en | cp14>MUST</bcp14> be encoded into UTF-8 <xref target="RFC3629" format="default"/ | |||
| coded (<xref target="RFC3986" format="default"/>, Section 2.1).</t> | > and then percent-encoded (<xref target="RFC3986" sectionFormat="comma" section | |||
| <t>When a token is both generated and presented for authentication, the en | ="2.1"/>).</t> | |||
| tire URI MUST be used, | <t>When a token is both generated and presented for authentication, the en | |||
| tire URI <bcp14>MUST</bcp14> be used, | ||||
| without changes.</t> | without changes.</t> | |||
| <t>For example, given the URI:</t> | <t>For example, given the URI:</t> | |||
| <artwork type="example" name="" align="left" alt=""><![CDATA[ | <sourcecode type=""><![CDATA[ | |||
| secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842%20foo | secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842%20foo | |||
| ]]></artwork> | ]]></sourcecode> | |||
| <t>This string (character-for-character, case-sensitive) will both be issu ed by the token authority, and required for later access. Therefore, if the exam ple above were used as a bearer token in <xref target="RFC6750" format="default" />, a client might send:</t> | <t>This string (character-for-character, case-sensitive) will both be issu ed by the token authority, and required for later access. Therefore, if the exam ple above were used as a bearer token in <xref target="RFC6750" format="default" />, a client might send:</t> | |||
| <artwork type="example" name="" align="left" alt=""><![CDATA[ | <sourcecode type=""><![CDATA[ | |||
| GET /authenticated/stuff HTTP/1.1 | GET /authenticated/stuff HTTP/1.1 | |||
| Host: www.example.com | Host: www.example.com | |||
| Authorization: Bearer secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842%20foo | Authorization: Bearer secret-token:E92FB7EB-D882-47A4-A265-A0B6135DC842%20foo | |||
| ]]></artwork> | ]]></sourcecode> | |||
| </section> | </section> | |||
| <section anchor="iana-considerations" numbered="true" toc="default"> | <section anchor="iana-considerations" numbered="true" toc="default"> | |||
| <name>IANA Considerations</name> | <name>IANA Considerations</name> | |||
| <t>This document registers the following value in the URI Scheme registry: </t> | <t>This document registers the following value in the URI Scheme registry: </t> | |||
| <ul spacing="normal"> | <dl newline="false" spacing="compact"> | |||
| <li>Scheme name: secret-token</li> | <dt>Scheme name:</dt> | |||
| <li>Status: provisional</li> | <dd>secret-token</dd> | |||
| <li>Applications / protocols that use this scheme: none yet</li> | <dt>Status:</dt> | |||
| <li>Contact: iesg@iesg.org</li> | <dd>provisional</dd> | |||
| <li>Change Controller: IESG</li> | <dt>Applications / protocols that use this scheme:</dt> | |||
| <li>References: (this document)</li> | <dd>none yet</dd> | |||
| </ul> | <dt>Contact:</dt> | |||
| <dd>iesg@iesg.org</dd> | ||||
| <dt>Change Controller:</dt> | ||||
| <dd>IESG</dd> | ||||
| <dt>References:</dt> | ||||
| <dd>(this document)</dd> | ||||
| </dl> | ||||
| </section> | </section> | |||
| <section anchor="security-considerations" numbered="true" toc="default"> | <section anchor="security-considerations" numbered="true" toc="default"> | |||
| <name>Security Considerations</name> | <name>Security Considerations</name> | |||
| <t>The token ABNF rule allows tokens as small as one character. This is no t recommended practice; applications should evaluate their requirements for entr opy and issue tokens correspondingly. | <t>The token ABNF rule allows tokens as small as one character. This is no t recommended practice; applications should evaluate their requirements for entr opy and issue tokens correspondingly. | |||
| See <xref target="RFC4086" format="default"/> for more information.</t> | See <xref target="RFC4086" format="default"/> for more information.</t> | |||
| <t>This URI scheme is intended to reduce the incidence of accidental discl osure; it cannot prevent intentional disclosure.</t> | <t>This URI scheme is intended to reduce the incidence of accidental discl osure; it cannot prevent intentional disclosure.</t> | |||
| <t>If it is difficult to correctly handle secret material, or unclear as t o what the appropriate handling is, users might choose to obfuscate their secret tokens in order to evade detection (for example, removing the URI scheme for st orage). Mitigating this risk is often beyond the reach of | <t>If it is difficult to correctly handle secret material, or unclear as t o what the appropriate handling is, users might choose to obfuscate their secret tokens in order to evade detection (for example, removing the URI scheme for st orage). Mitigating this risk is often beyond the reach of | |||
| the system using the secret-token URI, but they can caution users against such p ractices, and | the system using the secret-token URI, but they can caution users against such p ractices, and | |||
| provide tools to help.</t> | provide tools to help.</t> | |||
| </section> | </section> | |||
| </middle> | </middle> | |||
| <back> | <back> | |||
| <references> | <references> | |||
| <name>References</name> | <name>References</name> | |||
| <references> | <references> | |||
| <name>Normative References</name> | <name>Normative References</name> | |||
| <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2 | ||||
| 119"> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119. | |||
| <front> | xml"/> | |||
| <title>Key words for use in RFCs to Indicate Requirement Levels</tit | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174. | |||
| le> | xml"/> | |||
| <author initials="S." surname="Bradner" fullname="S. Bradner"> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5234. | |||
| <organization/> | xml"/> | |||
| </author> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3986. | |||
| <date year="1997" month="March"/> | xml"/> | |||
| <abstract> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3629. | |||
| <t>In many standards track documents several words are used to sig | xml"/> | |||
| nify the requirements in the specification. These words are often capitalized. | ||||
| This document defines these words as they should be interpreted in IETF document | ||||
| s. This document specifies an Internet Best Current Practices for the Internet | ||||
| Community, and requests discussion and suggestions for improvements.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="BCP" value="14"/> | ||||
| <seriesInfo name="RFC" value="2119"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC2119"/> | ||||
| </reference> | ||||
| <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8 | ||||
| 174"> | ||||
| <front> | ||||
| <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</ti | ||||
| tle> | ||||
| <author initials="B." surname="Leiba" fullname="B. Leiba"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date year="2017" month="May"/> | ||||
| <abstract> | ||||
| <t>RFC 2119 specifies common key words that may be used in protoco | ||||
| l specifications. This document aims to reduce the ambiguity by clarifying tha | ||||
| t only UPPERCASE usage of the key words have the defined special meanings.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="BCP" value="14"/> | ||||
| <seriesInfo name="RFC" value="8174"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC8174"/> | ||||
| </reference> | ||||
| <reference anchor="RFC5234" target="https://www.rfc-editor.org/info/rfc5 | ||||
| 234"> | ||||
| <front> | ||||
| <title>Augmented BNF for Syntax Specifications: ABNF</title> | ||||
| <author initials="D." surname="Crocker" fullname="D. Crocker" role=" | ||||
| editor"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author initials="P." surname="Overell" fullname="P. Overell"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date year="2008" month="January"/> | ||||
| <abstract> | ||||
| <t>Internet technical specifications often need to define a formal | ||||
| syntax. Over the years, a modified version of Backus-Naur Form (BNF), called A | ||||
| ugmented BNF (ABNF), has been popular among many Internet specifications. The c | ||||
| urrent specification documents ABNF. It balances compactness and simplicity with | ||||
| reasonable representational power. The differences between standard BNF and AB | ||||
| NF involve naming rules, repetition, alternatives, order-independence, and value | ||||
| ranges. This specification also supplies additional rule definitions and encod | ||||
| ing for a core lexical analyzer of the type common to several Internet specifica | ||||
| tions. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="STD" value="68"/> | ||||
| <seriesInfo name="RFC" value="5234"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC5234"/> | ||||
| </reference> | ||||
| <reference anchor="RFC3986" target="https://www.rfc-editor.org/info/rfc3 | ||||
| 986"> | ||||
| <front> | ||||
| <title>Uniform Resource Identifier (URI): Generic Syntax</title> | ||||
| <author initials="T." surname="Berners-Lee" fullname="T. Berners-Lee | ||||
| "> | ||||
| <organization/> | ||||
| </author> | ||||
| <author initials="R." surname="Fielding" fullname="R. Fielding"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author initials="L." surname="Masinter" fullname="L. Masinter"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date year="2005" month="January"/> | ||||
| <abstract> | ||||
| <t>A Uniform Resource Identifier (URI) is a compact sequence of ch | ||||
| aracters that identifies an abstract or physical resource. This specification d | ||||
| efines the generic URI syntax and a process for resolving URI references that mi | ||||
| ght be in relative form, along with guidelines and security considerations for t | ||||
| he use of URIs on the Internet. The URI syntax defines a grammar that is a supe | ||||
| rset of all valid URIs, allowing an implementation to parse the common component | ||||
| s of a URI reference without knowing the scheme-specific requirements of every p | ||||
| ossible identifier. This specification does not define a generative grammar for | ||||
| URIs; that task is performed by the individual specifications of each URI schem | ||||
| e. [STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="STD" value="66"/> | ||||
| <seriesInfo name="RFC" value="3986"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC3986"/> | ||||
| </reference> | ||||
| <reference anchor="RFC3629" target="https://www.rfc-editor.org/info/rfc3 | ||||
| 629"> | ||||
| <front> | ||||
| <title>UTF-8, a transformation format of ISO 10646</title> | ||||
| <author initials="F." surname="Yergeau" fullname="F. Yergeau"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date year="2003" month="November"/> | ||||
| <abstract> | ||||
| <t>ISO/IEC 10646-1 defines a large character set called the Univer | ||||
| sal Character Set (UCS) which encompasses most of the world's writing systems. | ||||
| The originally proposed encodings of the UCS, however, were not compatible with | ||||
| many current applications and protocols, and this has led to the development of | ||||
| UTF-8, the object of this memo. UTF-8 has the characteristic of preserving the | ||||
| full US-ASCII range, providing compatibility with file systems, parsers and othe | ||||
| r software that rely on US-ASCII values but are transparent to other values. Th | ||||
| is memo obsoletes and replaces RFC 2279.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="STD" value="63"/> | ||||
| <seriesInfo name="RFC" value="3629"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC3629"/> | ||||
| </reference> | ||||
| </references> | </references> | |||
| <references> | <references> | |||
| <name>Informative References</name> | <name>Informative References</name> | |||
| <reference anchor="RFC6750" target="https://www.rfc-editor.org/info/rfc6 | ||||
| 750"> | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6750. | |||
| <front> | xml"/> | |||
| <title>The OAuth 2.0 Authorization Framework: Bearer Token Usage</ti | <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4086. | |||
| tle> | xml"/> | |||
| <author initials="M." surname="Jones" fullname="M. Jones"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author initials="D." surname="Hardt" fullname="D. Hardt"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date year="2012" month="October"/> | ||||
| <abstract> | ||||
| <t>This specification describes how to use bearer tokens in HTTP r | ||||
| equests to access OAuth 2.0 protected resources. Any party in possession of a b | ||||
| earer token (a "bearer") can use it to get access to the associated resources (w | ||||
| ithout demonstrating possession of a cryptographic key). To prevent misuse, bea | ||||
| rer tokens need to be protected from disclosure in storage and in transport. [ | ||||
| STANDARDS-TRACK]</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="RFC" value="6750"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC6750"/> | ||||
| </reference> | ||||
| <reference anchor="RFC4086" target="https://www.rfc-editor.org/info/rfc4 | ||||
| 086"> | ||||
| <front> | ||||
| <title>Randomness Requirements for Security</title> | ||||
| <author initials="D." surname="Eastlake 3rd" fullname="D. Eastlake 3 | ||||
| rd"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author initials="J." surname="Schiller" fullname="J. Schiller"> | ||||
| <organization/> | ||||
| </author> | ||||
| <author initials="S." surname="Crocker" fullname="S. Crocker"> | ||||
| <organization/> | ||||
| </author> | ||||
| <date year="2005" month="June"/> | ||||
| <abstract> | ||||
| <t>Security systems are built on strong cryptographic algorithms t | ||||
| hat foil pattern analysis attempts. However, the security of these systems is d | ||||
| ependent on generating secret quantities for passwords, cryptographic keys, and | ||||
| similar quantities. The use of pseudo-random processes to generate secret quant | ||||
| ities can result in pseudo-security. A sophisticated attacker may find it easier | ||||
| to reproduce the environment that produced the secret quantities and to search | ||||
| the resulting small set of possibilities than to locate the quantities in the wh | ||||
| ole of the potential number space.</t> | ||||
| <t>Choosing random quantities to foil a resourceful and motivated | ||||
| adversary is surprisingly difficult. This document points out many pitfalls in | ||||
| using poor entropy sources or traditional pseudo-random number generation techni | ||||
| ques for generating such quantities. It recommends the use of truly random hard | ||||
| ware techniques and shows that the existing hardware on many systems can be used | ||||
| for this purpose. It provides suggestions to ameliorate the problem when a hard | ||||
| ware solution is not available, and it gives examples of how large such quantiti | ||||
| es need to be for some applications. This document specifies an Internet Best C | ||||
| urrent Practices for the Internet Community, and requests discussion and suggest | ||||
| ions for improvements.</t> | ||||
| </abstract> | ||||
| </front> | ||||
| <seriesInfo name="BCP" value="106"/> | ||||
| <seriesInfo name="RFC" value="4086"/> | ||||
| <seriesInfo name="DOI" value="10.17487/RFC4086"/> | ||||
| </reference> | ||||
| </references> | </references> | |||
| </references> | </references> | |||
| <section anchor="acknowledgements" numbered="true" toc="default"> | <section anchor="acknowledgements" numbered="true" toc="default"> | |||
| <name>Acknowledgements</name> | <name>Acknowledgements</name> | |||
| <t>The definition of bearer tokens is from <xref target="RFC6750" format=" default"/>.</t> | <t>The definition of bearer tokens is from <xref target="RFC6750" format=" default"/>.</t> | |||
| </section> | </section> | |||
| </back> | </back> | |||
| <!-- ##markdown-source: | ||||
| H4sIAHDajF8AA6VYbW8buRH+vr+CVVCcHWglW3ESR+m1J78lAmI79UuLoigC | ||||
| apeSCK/IPZJrVT1cfnufGXJlSXXSK2oEyi7fhjPzzMwzm+d5FnSo1FDczZXw | ||||
| qnAq5ME+KCPub8bitpirhcrkZOLU4zArbWHkAotLJ6chNzYEbWZzucjndpmX | ||||
| uszDXIZ8hjO0CRZvKneqtvnBICtlwMbBweAgK/A4s241FNpMbZbp2g1FcI0P | ||||
| g4ODd1grnZJD8UEZ5WSVLa17mDnb1MPsQa3wVg7F2ATlDOSc0U2yzAdpyi+y | ||||
| sgZCVspnfiFd+PJzY4PyQ2FsVuuh+HuwRVfgR5tSmdAV3rrg1NTjabVID8Hp | ||||
| AlOFXdQyPSywGFPaVNqof2SZbMLcumEm8kzgTxuIuOyJq7U9eDia6lK6h90Z | ||||
| 62bS6H/JoK0Z8kihA8zx2cm5k4ZHnJrRrPjL+DSusI0JZLMR7ASzaMnDaiF1 | ||||
| NRQL+OIn+unBKDzROCg8D6H2w35/uVz22tl+lhnrFhD+qEj4zcXp4PDw3RB+ | ||||
| gDfWE1mW57mQExJWwMJ3c+0FANCQMfh2Hi7wAj4WnU3gdBg5npFDxhZSlzAR | ||||
| L9Rkdj3VBaue2akgU9JYHBF8gu9F4biw+nJFP8F+uVGyhLwse4kLi/Oz8d31 | ||||
| zVDUlZJe4ToL+6ggAnfEXfioiYI2StTNpEqnvyQtcAnvG+VFBQUElsRdjGhR | ||||
| SNqH0caUQgbxh9aAMx3mzaQHLPTJjv1xftav5ERVvv996P+xF4UurCerFWS8 | ||||
| PTsNynRFY/hyfq7K/XQB3GRTLPssydaWpX5fXJ/k3UQxxVyaGRRFNLGy6r+r | ||||
| RFjXwfdn87yW2PsblLtVSsjKW/YvK/GDF0XjHF0BYRka33p/fH53IZAHJEHq | ||||
| Qbku7pOt77Mx0dMqTHuIkj4A1/8fkw2bgOCz0GVZqSx7QdnC2bJhXGTZOIi5 | ||||
| 9PAztAUaDKArPY6uVhzrjELRAFUTBdO5hEmBLUDHDl4Xiqys/YJ0fJRO28Zn | ||||
| tbPIMbYiHI+2TmH/EkIRnWGVxpZwBNsH+2rlaByKQdhK1JJecXRtvVfek0gE | ||||
| DS2Oe/dk1okCOvuMXrr30zR20jFLuXGmxbT71smaY6An7skguGo8O4unlRZo | ||||
| gh+A458bDVTJJ+Xo8ojA7dMKt6qDnTlZz3UhkLwFsotyGkl9D+vtNMe/py37 | ||||
| sNc95aDQGKyrVl1WxTSLCWTgvLXh4DROJQStR1s98mWLOCYrUWpfVNY3uGK0 | ||||
| lletF8nzDNfkd1X2xAWSgPqnXCCZdMUSAu2SElxTSQdMzKEi8qBtYD5RqkdV | ||||
| kZdEDJXAkg0Jhw7J6pTzUt5BhWlcobC6pCwFXXVA5esKpdkNAKFMLlvh2qX5 | ||||
| gayL7I4x+GIpScOiakq1zqFJMAbo0C6KyXdP4bQL1RJiffSy37BRLyV3X6ti | ||||
| nZt/a4ZvE3wNgkBxER3vm2L+vEN8T/x1rsw6qOAiir6IIbh9MdGzBkEEw6di | ||||
| EVGwYnSjNs9mWLuUzsDynFlOLVYZ2sOsAGjjW/gVbr/wyT4UF2zBZ/2hFWu5 | ||||
| 8Kp6pBvetfIYKdjt8WJwAJULrxA7DE8Ybgs6GoivbFP20ghV27babAKE/mMf | ||||
| FJVmENOxFUUGXRNZEcUHzudwI/krEesyg43uSblol6v57vpwivQOCuNDR1Bm | ||||
| RJGUhUrjESKWEILqZQm9Wy5ojU5GACbAOqqSLBDmYGAzOJWznEIMws3r7Off | ||||
| sw6bliDjrg0BzLa1tbBmChc7WBPiwLkIuKnu0GSQmlz7nH6wyVxVtY+2Aw1C | ||||
| /gY+5aMFAL+BNlDD3YNYYxhGmTJeIhGUbXJC+s2YgVKoxUOINDwoMfo8pmTm | ||||
| 2VFeLzQSRctcInZIAiXKtRSyDikKMaSjs1VFp+rQpKhcIhvADzXFFNjdZnwQ | ||||
| dLsppMiLDHy+yKlD7sxvdVDiBilZgWIAkAiQldg7vb252H/iUy9eEAllYTgd | ||||
| MZOi1Ud6QrmZmLUXncv727tON/4vrq75+eb8z/fjm/Mzer79OPr0af3Qrrj9 | ||||
| eH3/6ezpKY5n2Hl6fXl5fnUWN2NU7Axdjv7WiZjvXH++G19fjT51Yq7bJJxk | ||||
| iMCxSDZ1SDfMZ3xWKl84PYnRfXL6WRweiV9++V1itb/+ml6OD98e4QVmNlGY | ||||
| NUgx8ZVjQtY1JXqqmFUFsNYaUALoIMKDcBhBDurt8mD4xovRydVFEvN68Api | ||||
| egIcg3MHz3NtR6Q44ZoK7NIhGuLyV++O32B5RiTl2QYsJtnoo29MrnFLWaat | ||||
| QBTq2m+hfKIi9cAZEPj161cUNTPdCo+cTsXfj1uy8iSnM+zE47PnZn/cqRGJ | ||||
| M2z//SgOX7IlSH7kjpuG6IrbRN5f9V5xzFDFnSIhtBHJm3viTHt4yS6pCGIA | ||||
| DQolAnC+WCwpfxhr8tHt6Xi8s4JhDVsoQzWgjBny/u4iP26v8mZAsCGMENUT | ||||
| KPZEp/N2w97zNx70Dom/cHGTT2xvArq1kUfoVGDX48CUFbYJZWQ89A68kzfa | ||||
| 63ISyIgqEhFJ1H63AM3QuUWSgK3D6OQ0ueWz4fm7wcXJ2/OT/Oz4eJAfvR0d | ||||
| 5aPBm9f56ODkzeGr12enx0eD3w8OptZGR0V+gOoLw+6t7Znj/vn6DZ0y6FQO | ||||
| 1ZDWcJF9EFtEEhtgkrqukorZEz2NfTQIXQzJRCvLjXoYyyZnVcf9HNcWtlHU | ||||
| i5gZeOdSpUTJNH2Hcxt49k9w2Zu3rw/IZTIVXnQIszmaFITIjrE+nN+J/oZn | ||||
| VNn3oZlOxce7u8/9w95h9hH93FBQX71R47JRVCh19uIkXuP/Mj21L6OrEaVs | ||||
| j0iP7MZ/vx+fWgoOctajrBrVMsenLzppvVtB75ftWPxesXlZmuMObsj0Xnuu | ||||
| Hhgd1RuEsi/WDU9MPJGKEmL4YPr8YpRYqYCdxNYAl6FAupr9RD/U59EEQ5rn | ||||
| uTq6IfrF2w+YuVFTeNcU9CFnb6sq7LN5btuu4D9N1AKNMzQnX04bfqOn8wvK | ||||
| 93igO67BnOiPbvud+BGIwr+mBbpQ76liPBkBNYKYkiKDAy9kb+1aRC/WLE+R | ||||
| dvUqUjyKiPYmhUXH7GtrSu5Eeyk3EmyPDijT8PaFZeqSPtNY09ajzWqwnfUR | ||||
| Tk2RuoDYNBXcFD1Ll96n/o90ToQ+HpZow1bPMOZukbyhpyBNTRVIHutRBOqb | ||||
| oGPVVq1148d8vEGW5q6KmfAy8VIyKIyDVbAf7yYEa9RgAArIjtFazK3ldk7Y | ||||
| Cbhj8WTsJCkZFJgHn4mkFl4B3S9BGWKu3tsiq/zxKFHrTUsy2Ud3IGdqvycu | ||||
| kdRmMlFwaO20fyDt+VsOEs7KxoJBjReYmp1m9BK7ECjQnr9bxLti0oSnBgd9 | ||||
| HN8waixnIMMgdcz9WuB5TpYZB2RJhuC4s0yN05ePiSweKDJGxQN6WTDNWYRg | ||||
| DIntirr9kQMKJXrylDB72b8BDPbT/CcWAAA= | ||||
| </rfc> | </rfc> | |||
| End of changes. 16 change blocks. | ||||
| 293 lines changed or deleted | 72 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||