<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>

<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="pre5378Trust200902" docName="draft-ietf-lamps-rfc5274bis-11" number="10004" category="std" consensus="true" submissionType="IETF" updates="" obsoletes="5274, 6402" tocInclude="true" sortRefs="true" symRefs="true" version="3" xml:lang="en">

  <front>

    <title abbrev="CMC: Compliance">Certificate Management over CMS (CMC): Compliance Requirements</title>
    <seriesInfo name="RFC" value="10004"/>
    <author initials="J." surname="Mandel" fullname="Joseph Mandel" role="editor">
      <organization>AKAYLA, Inc.</organization>
      <address>
        <email>joe@akayla.com</email>
      </address>
    </author>
    <author initials="S." surname="Turner" fullname="Sean Turner" role="editor">
      <organization>sn3rd</organization>
      <address>
        <email>sean@sn3rd.com</email>
      </address>
    </author>
    <date year="2026" month="July"/>
    <area>SEC</area>
    <workgroup>lamps</workgroup>

    <keyword>Public Key Infrastructure</keyword>
    <keyword>Cryptographic Message Syntax</keyword>
    <keyword>Certificate Management</keyword>
    <keyword>Compliance</keyword>

    <abstract>
<t>This document provides a set of compliance statements about the
Certificate Management over CMS (CMC) enrollment protocol.  The ASN.1
structures and the transport mechanisms for the CMC enrollment
protocol are covered in other documents (RFCs 10002 and 10003).  This document provides the
information needed to make a compliant version of CMC.</t>
      <t>This document obsoletes RFCs 5274 and 6402.</t>
    </abstract>
  </front>
  <middle>

    <section anchor="introduction">
      <name>Introduction</name>
      <t>The Certificate Management over CMS (CMC) protocol is designed in
terms of a client/server relationship.  In the simplest case, the
client is the requestor of the certificate (i.e., the End-Entity
(EE)) and the server is the issuer of the certificate (i.e., the
Certification Authority (CA)).  The introduction of a Registration
Authority (RA) into the set of agents complicates the picture only
slightly.  The RA becomes the server with respect to the certificate
requestor, and it becomes the client with respect to the certificate
issuer.  Any number of RAs can be inserted into the picture in this
manner.</t>
      <t>The RAs may serve specialized purposes that are not currently covered
by this document.  One such purpose would be a Key Escrow agent.  As
such, all certificate requests for encryption keys would be directed
through this RA, and it would take appropriate action to do the key
archival.  Key recovery requests could be defined in the CMC
methodology allowing for the Key Escrow agent to perform that
operation acting as the final server in the chain of agents.</t>
      <t>If there are multiple RAs in the system, it is considered normal that
not all RAs will see all certificate requests.  The routing between
the RAs may be dependent on the content of the certificate requests
involved.</t>
      <t>This document is divided into six sections, each section specifying
the requirements that are specific to a class of agents in the CMC
model.  These are 1) all entities, 2) all servers, 3) all clients, 4)
all EEs, 5) all RAs, and 6) all CAs.</t>
      <t>This document obsoletes RFCs 5274 <xref target="RFC5274"/> and 6402 <xref target="RFC6402"/>.</t>
    </section>
    <section anchor="terminology">
      <name>Terminology</name>

      <t>There are several different terms, abbreviations, and acronyms used
in this document that we define here for convenience and consistency
of usage:</t>
      <dl>
        <dt>End-Entity (EE):</dt>
        <dd>
          <t>Refers to the entity that owns a key pair and for
whom a certificate is issued.</t>
        </dd>
        <dt>Registration Authority (RA) or Local RA (LRA):</dt>
        <dd>
          <t>Refers to an entity
that acts as an intermediary between the EE and the CA.  Multiple
RAs can exist between the EE and the CA.  RAs may perform additional services such as key
generation or key archival.  This document uses the term RA for
both RA and LRA.</t>
        </dd>
        <dt>Certification Authority (CA):</dt>
        <dd>
          <t>Refers to the entity that issues
certificates.</t>
        </dd>
        <dt>Client:</dt>
        <dd>
          <t>Refers to an entity that creates a Public Key Infrastructure (PKI) Request.  In this
document, both RAs and EEs can be clients.</t>
        </dd>
        <dt>Server:</dt>
        <dd>
          <t>Refers to the entities that process PKI Requests and create
PKI Responses.  In this document, both CAs and RAs can be servers.</t>
        </dd>
        <dt>PKCS #10:</dt>
        <dd>
          <t>Refers to the Public Key Cryptography Standard #10
<xref target="RFC2986"/>, which defines a certification request syntax.</t>
        </dd>
        <dt>CRMF:</dt>
        <dd>
          <t>Refers to the Certificate Request Message Format <xref target="RFC4211"/>.
CMC uses this certification request syntax defined in this
document as part of the protocol.</t>
        </dd>
        <dt>CMS:</dt>
        <dd>
          <t>Refers to the Cryptographic Message Syntax <xref target="RFC5652"/>.  This
document provides for basic cryptographic services including
encryption and signing with and without key management.</t>
        </dd>
        <dt>PKI Request/Response:</dt>
        <dd>
          <t>Refers to the requests/responses described in
this document.  PKI Requests include certification requests,
revocation requests, etc.  PKI Responses include certs-only
messages, failure messages, etc.</t>
        </dd>
        <dt>Proof-of-Identity:</dt>
        <dd>
          <t>Refers to the client proving they are who they say
that they are to the server.</t>
        </dd>
        <dt>Proof-of-Possession (POP):</dt>
        <dd>
          <t>Refers to a value that can be used to
prove that the private key corresponding to a public key is in the
possession and can be used by an EE.  See <xref target="RFC10002" sectionFormat="of" section="2.1"/>.</t>
        </dd>
        <dt>Transport wrapper:</dt>
        <dd>
          <t>Refers to the outermost CMS wrapping layer.</t>
        </dd>
        <dt>Entity:</dt>
        <dd>
          <t>Refers to EE, RA (or LRA), or CA.</t>
        </dd>
	<dt>HMAC:</dt>
	<dd>
	  <t>Refers to the Hashed Message Authentication Code. CMC uses the ASN.1 module defined in <xref target="RFC6268"/>.</t></dd>
      </dl>
    </section>

    <section anchor="requirements-terminology">
      <name>Requirements Terminology</name>
        <t>
    The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
    NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
    "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
    described in BCP&nbsp;14 <xref target="RFC2119"/> <xref target="RFC8174"/>
    when, and only when, they appear in all capitals, as shown here.
        </t>
    </section>
    <section anchor="changes-since-rfc-5274-and-6402">
      <name>Changes Since RFCs 5274 and 6402</name>
      <t>Merged <xref target="RFC6402"/> text.</t>

      <t>Updated the Introduction, changed "all agents" to
"all entities" in the overview to maintain consistency
throughout the document, and renumbered the section headers.</t>

      <t>Added RA Identity Proof Witness and Response Body controls to <xref target="cmc-controls"/>.</t>
<t>Updated the Cryptographic Algorithm Requirements:</t>

      <ul spacing="normal">
        <li>

          <t>Replaced SHA-1 with SHA-256</t>
        </li>
        <li>
          <t>Replaced HMAC-SHA-1 with HMAC-SHA-256</t>
        </li>
	<li>
	  <t>Added algorithms for <tt>AuthEnvelopedData</tt></t></li>
      </ul>
      <t>Added a paragraph to maintain backward algorithm compatibility.</t>

    </section>
    <section anchor="requirements-for-all-entities">
      <name>Requirements for All Entities</name>
      <t>All <xref target="RFC10002"/> and <xref target="RFC10003"/> compliance statements <bcp14>MUST</bcp14> be
adhered to unless specifically stated otherwise in this document.</t>
      <t>All entities <bcp14>MUST</bcp14> support Full PKI Requests, Simple PKI Responses,
and Full PKI Responses.  Servers <bcp14>SHOULD</bcp14> support Simple PKI Requests.</t>
      <t>All entities <bcp14>MUST</bcp14> support the use of the CRMF syntax for
certification requests.  Support for the PKCS #10 syntax for
certification requests <bcp14>SHOULD</bcp14> be implemented by servers.</t>
      <t>The <tt>extendedFailInfo</tt> field <bcp14>SHOULD NOT</bcp14> be populated in the
<tt>CMCStatusInfoV2</tt> object; the <tt>failInfo</tt> field <bcp14>SHOULD</bcp14> be used to relay
this information.  If the <tt>extendedFailInfo</tt> field is used, it is
suggested that an additional <tt>CMCStatusInfoV2</tt> item exist for the same
body part with a <tt>failInfo</tt> field.</t>
      <t>All entities <bcp14>MUST</bcp14> implement the HTTP transport mechanism as defined
in <xref target="RFC10003"/>.  Other transport mechanisms <bcp14>MAY</bcp14> be implemented.</t>
      <section anchor="cryptographic-algorithm-requirements">
        <name>Cryptographic Algorithm Requirements</name>
        <t>All entities <bcp14>MUST</bcp14> verify RSA-SHA256 signatures in
<tt>SignedData</tt>; (see <xref target="RFC5754"/>).  Entities <bcp14>MAY</bcp14> verify other signature
algorithms.</t>
        <t>All entities <bcp14>MUST</bcp14> generate RSA-SHA256 signatures for
<tt>SignedData</tt>; (see <xref target="RFC5754"/>).  Other signature algorithms <bcp14>MAY</bcp14> be used
for generation.</t>
        <t>All entities <bcp14>MUST</bcp14> support Advanced Encryption Standard (AES) as the
content encryption algorithm for <tt>EnvelopedData</tt>; (see <xref target="RFC3565"/>).
Other content encryption algorithms <bcp14>MAY</bcp14> be implemented.</t>
        <t>All entities <bcp14>MUST</bcp14> support AES-GCM (Galois/Counter Mode) as the
authenticated content encryption algorithm for <tt>AuthEnvelopedData</tt>; (see <xref target="RFC5084"/>).
They <bcp14>MUST</bcp14> also support a 12-octet nonce size and a 12-octet Integrity
Check Value (ICV) length. Other content encryption algorithms <bcp14>MAY</bcp14> be
implemented.</t>
        <t>All entities <bcp14>MUST</bcp14> support RSA as a key transport algorithm for
<tt>EnvelopedData</tt> and <tt>AuthEnvelopedData</tt>; see <xref target="RFC5754"/>. Other key
transport algorithms <bcp14>MAY</bcp14> be implemented.</t>
        <t>If an entity supports key agreement for <tt>EnvelopedData</tt> or <tt>AuthEnvelopedData</tt>,
it <bcp14>MUST</bcp14> support Diffie-Hellman (DH); (see <xref target="RFC2631"/>).</t>
        <t>If an entity supports <tt>PasswordRecipientInfo</tt> for <tt>EnvelopedData</tt>,
<tt>AuthenticatedData</tt>, or <tt>AuthEnvelopedData</tt>, it <bcp14>MUST</bcp14> support Password-Based Key Derivation Function 2 (PBKDF2) <xref target="RFC9879"/>
for key derivation algorithms.  It <bcp14>MUST</bcp14> support AES key wrap
(see <xref target="RFC3394"/>) as the key encryption algorithm.</t>
        <t>If <tt>AuthenticatedData</tt> is supported, <tt>PasswordRecipientInfo</tt> <bcp14>MUST</bcp14> be
supported.</t>
        <t>Algorithm requirements for the Identity Proof Version 2 control
	(<xref section="6.2.1" sectionFormat="of" target="RFC10002"/>) are as follows:</t>
	<ul spacing="compact">
	  <li>SHA-256 <bcp14>MUST</bcp14> be implemented
          for <tt>hashAlgId</tt>.</li>
	  <li>HMAC-SHA256 <bcp14>MUST</bcp14> be implemented for <tt>macAlgId</tt>.</li>
	</ul>
        <t>Algorithm requirements for the Pop Link Witness Version 2 control
	(<xref section="6.3.1.1" sectionFormat="of" target="RFC10002"/>) are as follows:</t>
	<ul spacing="compact">
	  <li>SHA-256 <bcp14>MUST</bcp14> be implemented
	  for <tt>keyGenAlgorithm</tt>.</li>
	  <li>PBKDF2 <xref target="RFC9879"/> <bcp14>MAY</bcp14> be implemented for
	  <tt>keyGenAlgorithm</tt>.</li>
	  <li>HMAC-SHA256 <bcp14>MUST</bcp14> be implemented for <tt>macAlgorithm</tt>.</li></ul>
        <t>Algorithm requirements for the Encrypted POP and Decrypted POP
	controls (<xref section="6.7" sectionFormat="of" target="RFC10002"/>) are as follows:</t>
	<ul spacing="compact">
	  <li>SHA-256 <bcp14>MUST</bcp14> be
	  implemented for <tt>witnessAlgID</tt>.</li>
	  <li>HMAC-SHA256 <bcp14>MUST</bcp14> be implemented for
<tt>thePOPAlgID</tt>.</li></ul>
<t>Algorithm requirements for Publish Trust Anchors control (<xref section="6.15" sectionFormat="of" target="RFC10002"/>) are as follows:</t>
<ul>
  <li>SHA-256 <bcp14>MUST</bcp14> be implemented for <tt>hashAlgorithm</tt>.</li></ul>
        <t>If an EE generates DH keys for certification, it <bcp14>MUST</bcp14> support <xref section="4" sectionFormat="of" target="RFC6955"/>.  EEs <bcp14>MAY</bcp14> support <xref section="3" sectionFormat="of" target="RFC6955"/>.  CAs and RAs
that do POP verification <bcp14>MUST</bcp14> support <xref section="4" sectionFormat="of" target="RFC6955"/> and
<bcp14>SHOULD</bcp14> support <xref section="3" sectionFormat="of" target="RFC6955"/>.</t>
        <t>EEs that need to use a signature algorithm for keys that cannot
produce a signature <bcp14>MUST</bcp14> support <xref section="C" sectionFormat="of" target="RFC10002"/> and <bcp14>MUST</bcp14>
support the Encrypted/Decrypted POP controls.  CAs and RAs that do
POP verification <bcp14>MUST</bcp14> support this signature algorithm and <bcp14>MUST</bcp14>
support the Encrypted/Decrypted POP controls.</t>
        <t>For backward compatibility with the previous version of CMC,
servers <bcp14>MAY</bcp14> offer the algorithms specified therein, but <bcp14>SHOULD</bcp14>
use the CMC requests to identify which certificates should be
transitioned to more secure algorithms, if possible.</t>
      </section>
      <section anchor="controls">
        <name>Controls</name>
        <t>The following table lists the name and level of support required for
	each control.</t>

        <table anchor="cmc-controls">
          <name>CMC Control Attributes</name>
          <thead>
            <tr>
              <th align="left">Control</th>
              <th align="left">EE</th>
              <th align="left">RA</th>
              <th align="left">CA</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">Extended CMC Status Info</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">CMC Status Info</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
            </tr>
            <tr>
              <td align="left">Identity Proof Version 2</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Identity Proof</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
            </tr>
            <tr>
              <td align="left">Identification</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">POP Link Random</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">POP Link Witness Version 2</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">POP Link Witness</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Data Return</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Modify Cert Request</td>
              <td align="left">N/A</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">(2)</td>
            </tr>
            <tr>
              <td align="left">Add Extensions</td>
              <td align="left">N/A</td>
              <td align="left">
                <bcp14>MAY</bcp14></td>
              <td align="left">(1)</td>
            </tr>
            <tr>
              <td align="left">Transaction ID</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Sender Nonce</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Recipient Nonce</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Encrypted POP</td>
              <td align="left">(4)</td>
              <td align="left">(5)</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
            </tr>
            <tr>
              <td align="left">Decrypted POP</td>
              <td align="left">(4)</td>
              <td align="left">(5)</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
            </tr>
            <tr>
              <td align="left">RA POP Witness</td>
              <td align="left">N/A</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">(1)</td>
            </tr>
            <tr>
              <td align="left">Get Certificate</td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
            </tr>
            <tr>
              <td align="left">Get CRL</td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
            </tr>
            <tr>
              <td align="left">Revocation Request</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Registration Info</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
            </tr>
            <tr>
              <td align="left">Response Information</td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
              <td align="left">
                <bcp14>SHOULD</bcp14></td>
            </tr>
            <tr>
              <td align="left">Query Pending</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Confirm Cert.  Acceptance</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
            </tr>
            <tr>
              <td align="left">Publish Trust Anchors</td>
              <td align="left">(3)</td>
              <td align="left">(3)</td>
              <td align="left">(3)</td>
            </tr>
            <tr>
              <td align="left">Authenticated Data</td>
              <td align="left">(3)</td>
              <td align="left">(3)</td>
              <td align="left">(3)</td>
            </tr>
            <tr>
              <td align="left">Batch Request</td>
              <td align="left">N/A</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">(2)</td>
            </tr>
            <tr>
              <td align="left">Batch Responses</td>
              <td align="left">N/A</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">(2)</td>
            </tr>
            <tr>
              <td align="left">Publication Information</td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
              <td align="left"><bcp14>OPTIONAL</bcp14></td>
            </tr>
            <tr>
              <td align="left">Control Processed</td>
              <td align="left">N/A</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">(2)</td>
            </tr>
            <tr>
              <td align="left">RA Identity Proof Witness</td>
              <td align="left">N/A</td>
              <td align="left">
                <bcp14>MUST</bcp14></td>
              <td align="left">(2)</td>
            </tr>
            <tr>
              <td align="left">Response Body</td>
              <td align="left">(6)</td>
              <td align="left">(6)</td>
              <td align="left">N/A</td>
            </tr>
          </tbody>
        </table>
        <t>Notes:</t>
        <ol spacing="normal" type="1"><li>
            <t>CAs <bcp14>SHOULD</bcp14> implement this control if designed to work with RAs.</t>
          </li>
          <li>
            <t>CAs <bcp14>MUST</bcp14> implement this control if designed to work with RAs.</t>
          </li>
          <li>
            <t>Implementation is <bcp14>OPTIONAL</bcp14> for these controls.  We strongly
suggest that they be implemented in order to populate client
trust anchors.</t>
          </li>
          <li>
            <t>EEs only need to implement this if (a) they support key agreement
algorithms or (b) they need to operate in environments where the
hardware keys cannot provide POP.</t>
          </li>
          <li>
            <t>RAs <bcp14>SHOULD</bcp14> implement this if they implement RA POP Witness.</t>
          </li>
          <li>
            <t>EEs <bcp14>SHOULD</bcp14> implement this if designed to work with RAs and <bcp14>MUST</bcp14>
implement if intended to be used in environments where RAs are
used for identity validation or key generation.  RAs <bcp14>SHOULD</bcp14>
implement and validate responses for consistency.</t>
          </li>
        </ol>
        <t>Strong consideration should be given to implementing the Authenticated
Data and Publish Trust Anchors controls as this gives a simple method
for distributing trust anchors to clients without user
intervention.</t>
      </section>
      <section anchor="crmf-feature-requirements">
        <name>CRMF Feature Requirements</name>
        <t>The following additional restrictions are placed on CRMF features:</t>
	<ul>
        <li>The registration control tokens <tt>id-regCtrl-regToken</tt> and <tt>id-regCtrl-authToken</tt> <bcp14>MUST NOT</bcp14> be used.  No specific CMC feature is used to
replace these items, but generally the CMC control's identification
and <tt>identityProof</tt> will perform the same service and are more
	specifically defined.</li>


        <li>The control token <tt>id-regCtrl-pkiArchiveOptions</tt> <bcp14>SHOULD NOT</bcp14> be
supported.  See <xref target="RFC10002" sectionFormat="of" section="3.2.1.3.3"/> and <xref target="RFC10002" sectionFormat="of" section="3.2.1.3.3"/> for alternative methods.</li>
        <li>The behavior of <tt>id-regCtrl-oldCertID</tt> is not presently used.  It is
replaced by issuing the new certificate and using the <tt>id-cmc-publishCert</tt> to remove the old certificate from publication.  This
operation would not normally be accompanied by an immediate
revocation of the old certificate; however, that can be accomplished
by the <tt>id-cmc-revokeRequest</tt> control.</li>
        <li>The <tt>id-regCtrl-protocolEncrKey</tt> is not used.</li> </ul>
      </section>
    </section>
    <section anchor="requirements-for-clients">
      <name>Requirements for Clients</name>
      <t>There are no additional requirements.</t>
    </section>
    <section anchor="requirements-for-servers">
      <name>Requirements for Servers</name>
      <t>There are no additional requirements.</t>
    </section>
    <section anchor="requirements-for-ees">
      <name>Requirements for EEs</name>

      <t>If an EE implements Diffie-Hellman, it <bcp14>MUST</bcp14> implement either the
DH POP Proof-of-Possession as defined in <xref section="4" sectionFormat="of" target="RFC6955"/> or the
challenge-response POP controls <tt>id-cmc-encryptedPOP</tt> and <tt>id-cmc-decryptedPOP</tt>.</t>
    </section>
    <section anchor="requirements-for-ras">
      <name>Requirements for RAs</name>
      <t>RAs <bcp14>SHOULD</bcp14> be able to do delegated POP.  RAs implementing this
feature <bcp14>MUST</bcp14> implement the <tt>id-cmc-lraPOPWitness</tt> control.</t>
      <t>All RAs <bcp14>MUST</bcp14> implement the promotion of the <tt>id-aa-cmc-unsignedData</tt> as
covered in <xref section="3.2.3" sectionFormat="of" target="RFC10002"/>.</t>
    </section>
    <section anchor="requirements-for-cas">
      <name>Requirements for CAs</name>
      <t>Providing for CAs to work in an environment with RAs is strongly
suggested.  Implementation of such support is strongly suggested as
this permits the delegation of substantial administrative interaction
onto an RA rather than at the CA.</t>
      <t>CAs <bcp14>MUST</bcp14> perform at least minimal checks on all public keys before
issuing a certificate.  At a minimum, a check for syntax would occur
with the POP operation.  Additionally, CAs <bcp14>SHOULD</bcp14> perform simple
checks for known bad keys such as small subgroups for DSA-SHA1 and DH
keys <xref target="RFC2785"/> or known bad exponents for RSA keys.</t>
      <t>CAs <bcp14>MUST</bcp14> enforce POP checking before issuing any certificate.  CAs
      <bcp14>MAY</bcp14> delegate the POP operation to an RA for those cases where:</t>
      <ol spacing="compact">
	<li>a
	challenge/response message pair must be used,</li>
	<li>an RA performs
	escrow of a key and checks for POP in that manner, or</li>
	<li>an unusual
algorithm is used and that validation is done at the RA.</li></ol>
      <t>CAs <bcp14>SHOULD</bcp14> implement both the DH-POP Proof-of-Possession as defined
in <xref section="4" sectionFormat="of" target="RFC6955"/> and the challenge-response POP controls <tt>id-cmc-encryptedPOP</tt> and <tt>id-cmc-decryptedPOP</tt>.</t>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>This document uses <xref target="RFC10002"/> and <xref target="RFC10003"/> as building blocks.  The security sections of those two documents are
included by reference.</t>
      <t>Knowledge of how an entity is expected to operate is vital in
determining which sections of requirements are applicable to that
entity.  Care needs to be taken in determining which sections apply
and fully implementing the necessary code.</t>
      <t>Cryptographic algorithms have and will be broken or weakened.
Implementers and users need to check that the cryptographic
algorithms listed in this document make sense from a security level.
The IETF from time to time may issue documents dealing with the
current state of the art.  Two examples of such documents are
<xref target="RFC2785"/> and <xref target="RFC4270"/>.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
<t>This document has no IANA actions.</t>
    </section>
  </middle>
  <back>
    <displayreference target="RFC5652" to="CMS"/>
    <displayreference target="RFC5754" to="CMS-ALG2"/>
    <displayreference target="RFC9879" to="PBKDF2"/>
    <displayreference target="RFC2785" to="SMALL-SUB-GROUP"/>
    <displayreference target="RFC3565" to="CMS-AES"/>
    <displayreference target="RFC5084" to="CMS-AES-AE"/>
    <displayreference target="RFC2631" to="CMS-DH"/>
    <displayreference target="RFC3394" to="AES-WRAP"/>
    <displayreference target="RFC4270" to="HASH-ATTACKS"/>
        <displayreference target="RFC10003" to="CMC-TRANS"/>
    <displayreference target="RFC2986" to="PKCS10"/>
         <displayreference target="RFC10002" to="CMC-STRUCT"/>
    <displayreference target="RFC4211" to="CRMF"/>
    <displayreference target="RFC6402" to="CMC-Updates"/>
    <displayreference target="RFC6955" to="DH-POP"/>
    <displayreference target="RFC5274" to="CMC-COMPv1"/>
    <displayreference target="RFC6268" to="HMAC-ALGS"/>

    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        
        <reference anchor="RFC10002" target="https://www.rfc-editor.org/info/rfc10002">
          <front>
            <title>Certificate Management over CMS (CMC)</title>
            <author initials="J." surname="Mandel" fullname="Joe Mandel" role="editor">
              <organization>AKAYLA, Inc.</organization>
            </author>
            <author initials="S." surname="Turner" fullname="Sean Turner" role="editor">
              <organization>sn3rd</organization>
            </author>
            <date month='July' year='2026'/>
          </front>
          <seriesInfo name="RFC" value="10002"/>
          <seriesInfo name="DOI" value="10.17487/RFC10002"/>
        </reference>

        <reference anchor="RFC10003" target="https://www.rfc-editor.org/info/rfc10003">
          <front>
            <title>Certificate Management over CMS (CMC): Transport Protocols</title>
            <author initials="J." surname="Mandel" fullname="Joe Mandel" role="editor">
              <organization>AKAYLA, Inc.</organization>
            </author>
            <author initials="S." surname="Turner" fullname="Sean Turner" role="editor">
              <organization>sn3rd</organization>
            </author>
            <date month='July' year='2026'/>
          </front>
          <seriesInfo name="RFC" value="10003"/>
          <seriesInfo name="DOI" value="10.17487/RFC10003"/>
        </reference>

        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5652.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3565.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5084.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5754.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2631.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4211.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6955.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9879.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3394.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
	<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6268.xml"/>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2986.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2785.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4270.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5274.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6402.xml"/>
      </references>
    </references>

    <section numbered="false" anchor="acknowledgements">
      <name>Acknowledgements</name>
      <t>Obviously, the authors would like to
      thank <contact fullname="Jim Schaad"/> and <contact fullname="Michael
      Myers"/> for their work on <xref target="RFC5274"/>.</t>
      <t>Thank you to <contact fullname="Mike Bishop"/>, <contact
      fullname="Mohamed Boucadair"/>, and <contact fullname="Erik Kline"/> for
      reviewing the document and providing comments.</t>
      <t>The Acknowledgments section from RFC 5274 follows:</t>
      <blockquote><t>The authors and the PKIX Working Group are grateful for
      the participation of <contact fullname="Xiaoyi Liu"/> and <contact
      fullname="Jeff Weinstein"/> in helping to author the original versions
      of this document.</t>
      <t>The authors would like to thank <contact fullname="Brian LaMacchia"/>
      for his work in developing and writing up many of the concepts presented
      in this document.  The authors would also like to thank <contact
      fullname="Alex Deacon"/> and <contact fullname="Barb Fox"/> for their
      contributions.</t></blockquote>
    </section>
    <section anchor="contributors" numbered="false" toc="include">
      <name>Contributors</name>
      <contact initials="J." surname="Schaad" fullname="Jim Schaad">
        <organization>August Cellars</organization>
        <address>
      </address>
      </contact>
      <contact initials="M." surname="Myers" fullname="Michael Myers">
        <organization>TraceRoute Security, Inc.</organization>
        <address>
      </address>
      </contact>
    </section>
  </back>
</rfc>
