GB∕ T 25320.11-2023 電力系統(tǒng)管理及其信息交換 數(shù)據(jù)和通信安全 第11部分：XML文件的安全（正式版）

GB/T25320.11—2023/IEC62351-11電力系統(tǒng)管理及其信息交換數(shù)據(jù)和通信安全第11部分：XML文件的安全國(guó)家市場(chǎng)監(jiān)督管理總局國(guó)家標(biāo)準(zhǔn)化管理委員會(huì)I Ⅲ IV 1 1 2 24.1概述 2 34.3應(yīng)對(duì)安全攻擊 35XML文件 36XML文件封裝 46.1概述 4 5 6 6.7安全算法選擇 7示例文件(資料性) 207.1非加密示例 7.2加密示例 23 29 1 3 4 4 5 6 7 7圖9ACL限制類型ACLRestrictionType的XSD復(fù)雜類型定義 8 Ⅱ 20 6 8表5ACLRestrictionType元素的定義 9表6ACLType枚舉值的定義 Ⅲ—第1部分：通信網(wǎng)絡(luò)和系統(tǒng)安全安全問題介紹。目的在于介紹GB/T(Z)25320的其他部-—第3部分：通信網(wǎng)絡(luò)和系統(tǒng)安全包含TCP/IP的協(xié)議集。目的在于規(guī)定如何通過限于傳輸——第5部分：GB/T18657等及其衍生標(biāo)準(zhǔn)的安全。目的在于定義了應(yīng)用程序配置文件——第12部分：分布式能源(DER)系統(tǒng)的快速恢復(fù)和安全建議。目的在于提高分布式能源——第100-1部分：IEC62351-5和IECTS60870-5-7的一致性測(cè)試用例。目的在于提供了V12Glossaryofterms)W3CXML1.0典型規(guī)范，網(wǎng)際網(wǎng)路聯(lián)盟(RecommendedCanonicalXML1.0withcomments)(/TR/2001/REC-xml-cl4n-2001031W3CXML1.0規(guī)范要求，網(wǎng)際網(wǎng)路聯(lián)盟(RequiredCanonicalXML1.0,Omitscomments)(/TR/2001/REC-xml-2)機(jī)密或私有數(shù)據(jù)；35XML文件用戶用戶A4隨機(jī)值加密簽名覆蓋5圖4描述了本文件的XML文件的通用XSD結(jié)構(gòu)。定義符合表1?？蛇x(O)/強(qiáng)制(M)/有條件的(信息頭)M(見6.2)系信息(不加密)C(見6.3)看原始文件內(nèi)容)。如果用戶不關(guān)心信息的機(jī)密性，或者可通過其他外部機(jī)制提供機(jī)密性，宜使用此選項(xiàng)。(加密)C(見6.4)為原始文件的訪問控制和封裝提供加密。如果用戶有對(duì)信息進(jìn)行私密性防護(hù)的意愿，且不能通過外部機(jī)制獲得私密性防護(hù)，宜使用此選項(xiàng)。XSD元素nonEncrypted和Encrypt(簽名)MW3CXMLSignature信息的信息頭類型HeaderType的XSD結(jié)構(gòu)應(yīng)符合圖5。Q1-DateTimeOfEnQI:ResponsibleEntity信息頭類型HeaderType是一個(gè)XSD復(fù)6可選(O)/強(qiáng)制(M)/有條件的(版本號(hào))M為“1.0”DateTimeOfEncapsul(封裝的日期時(shí)間)M指對(duì)原始文件進(jìn)行封裝的日期和時(shí)間(文件描述)O的，則此元素是必需的，因?yàn)槿绻霈F(xiàn)問題，用戶將無法(責(zé)任實(shí)體)O(見6.6.2)(聯(lián)系信息)O用戶提供的字符串，其中可能包含文件使用者在遇到問7GB/T25320.11—2023/IEC62351-11:2016可選(O)/強(qiáng)制(M)/有條件的(隨機(jī)數(shù))M見6.3.2(訪問控制)O(見6.3.3)這個(gè)元素用于表達(dá)訪問控制信息。如果未出現(xiàn)訪問控制元素，訪問控制的默認(rèn)值是允許所有的訪問(正文)M此元素表示一個(gè)與安全相關(guān)的屬性，該屬性確保如果同一主體使用相同AccessControl允許零(0)值，因?yàn)锳ccessControl是可選項(xiàng)，或者為封裝的文件指定多組訪問信Q1:AccessControlQ1:AccessCAccessControl元素是由一個(gè)或多個(gè)訪問控制信息AccessControlInformation(s)組成的XSD序列。每個(gè)AccessControllInformation都對(duì)應(yīng)一個(gè)XSD類型的訪問控制類型AccessControlType,其結(jié)構(gòu)符合圖8。Q1:ACLRestriction由8如Contractual或ACLRestricContractual或ACL是一個(gè)由表4中定義的元素所組可選(O)/強(qiáng)制(M)/有條件的(契約文件名)M語句中指定的信息有關(guān)的允許訪問權(quán)限/特權(quán)的信息(ACL限制)M(見)ACLRestriction的使用允許用戶指定白名單或(XML路徑)O(見)此元素包含XPATH值，該值表示正文中包含的信ACLRestictionType白9可選(O)/強(qiáng)制(M)/有條件的(C)(ACL類型)M(見)用于描述訪問限制規(guī)則是允許還是拒絕。因此，對(duì)應(yīng)ACLType的枚舉值應(yīng)是：Allow和DenyM(見)用于允許用戶聲明一系列的可允許或拒絕的訪問權(quán)(ACL應(yīng)用于)M(ACL期限)(用于指定訪問控制規(guī)則不再適用的日期和時(shí)間。在一個(gè)XML文件中可能包含有多個(gè)ACL,因此對(duì)于存在公共約束值和相同/重疊的定義(允許)描述對(duì)應(yīng)的ACLRestrictionType是用于創(chuàng)建白名單，且對(duì)特定ACLAppliedTo對(duì)straints特定約束權(quán)限是允許(拒絕)描述對(duì)應(yīng)的ACLRestrictionType是用于創(chuàng)建黑名單，且對(duì)特定ACLAppliedTo對(duì)straints特定約束權(quán)限是拒絕定義(全部)聲明對(duì)讀取、寫入和列表的所有權(quán)限。Read讀取權(quán)限，(如果允許)表示實(shí)體可以提供值/元素給另一個(gè)實(shí)體。Write寫入權(quán)限，(如果允許)表示實(shí)體能夠?qū)χ?元素進(jìn)行修List列表權(quán)限，(如果允許)表示實(shí)體能夠獲知值/元素是否存因此，All值與Read、Write、List和Forward是互斥的。如果在ACLConstraints的特定實(shí)例中指(傳遞值)聲明對(duì)XPATH指定的信息值傳遞給另一個(gè)實(shí)體的能力。該聲明中的Read權(quán)限隱含了List的權(quán)限。例如，如果ACLType的枚舉值是Allow,則一個(gè)實(shí)體將能夠?qū)α硪粋€(gè)實(shí)體提供信(寫)聲明對(duì)XPATH指定信息的值具有修改的權(quán)限EntityType的結(jié)構(gòu)應(yīng)符合圖10。借”:圖10實(shí)體類型EntityType的XSD復(fù)雜類型EntityType是一個(gè)實(shí)體規(guī)范組合的XSD序列，用于確定ACL適用的實(shí)體。表8定義了EntityType可選(O)/強(qiáng)制(M)/有條件的(可分辨名稱)M(見6.6.2)系人(如組織或個(gè)人)以及ACL的適用人信息(URL地址)M用于聲明適用ACL的網(wǎng)址信息。的特定FTP站點(diǎn)引用到一個(gè)組織(角色)O(見)分組的類型Role是一個(gè)xs:string,其值通過枚舉進(jìn)行限制。字符串的允許值按照IECTS62351-8進(jìn)行定義。此元素包含XPATH值，該值引導(dǎo)指定的約束到Body中對(duì)應(yīng)的信息標(biāo)簽。如果未指定XPATH,指定的約束應(yīng)適用于整個(gè)Body元素?？?lt;7xmlversion='1.0'enxo<Q1IEC62351-11xmlnsnl="http//wwwaltovacom/samplexm/other-namespace'xmnsQ1="http//wwwiecch/2014/01/6xmlnsds="http///200009/mmldsig#'xmhnsenc="http/M2001/04mlenct'xmhnsxsi="http/Mww.w3org2001/XMLSchema-instancexsishemaloxabon="http//wwwiec.ch/2014/01/62351-11#fie//CUsers/root/Desktop/IEC62351-11/EC62351-1<Q1:Nonce>85343410947jgfa8312b<Q1XPATH>//zimPowerIransformelerdtID=_I20568311Z056<rdt:RDFxminsrdf="http///1999/02/22-df-syntax-ns#xmhscim="http/leech/TC57/200/CIM-schema-cm14°><cmPowerTransformerrdtJID='IZ0568311<amldentfedObjectname>UNKNOWN</cimldentifiedObjectna<amEquipmentMemberOfEquipmentContainerrdtresourte='#52056831120568422%><cmldentfedObjectname>500</am:ldentfed<omSubGeographcalkegiondfD='ZX下<cimldentifedObject,name>XX</cimldentif<cimSubGeographicalRegion.Regionrdtresource=*H_XX/><cim.ControlAreanetinterchange>0</cimControlAreanetinterchange><cimldentifedObjectname>SUBSTATION_2</cim:ldent<dsCanonicalizationMethodAlgorithm="/TR/2001/REC-xml-d4n-2001031<ds.SignatureMethodAlgorithm='2001/04/xmldsig-more<dsHMACOutputlength>128</dsHMA<dsDigestMethodAlgorithm=*2001/04/xmldsig-more<rdf.RDFxmlns:rdf="http:/Mww.W3.org/199902/22-rdf-syntax-ns#xmlns:cim="http:/iec.ch/TC57/2009/CIM-schema-cim14#><cim:PowerTransformerrdf.ID="TZ0568311_Z056<cim:ldentifiedObjectname>UNKNOWN</cim:ldent<cim:Equipment.MemberOf_EquipmentContainerrdfresource="#SZ0568311Z056<cim:BaseVoltage.nominalVoltage>500</cim:BaseVoltage.nom<cim:BaseVoltageisDC>false</cim:BaseVo<cim:ldentifiedObjectname>500</cim:ldentfiedObjec<cim:SubGeographicalRegionrdf.ID="Z<cim:ldentifiedObjectname>XX</cim:l<cim:SubGeographicalRegion.Regionrdfresou<cim:ldentifiedO>ControlArea_XX</cim:ldentifiedObject<cim:ControlAInterchange>O</cim:ControlA<cim:ControlArea.pTolerance>O</cim:ControlArea<cim:Substationrdt.ID="<cim:ldentifiedO>SUBSTATION_2</cim:ldentifie<cim:Substation.Regionrdfr二二二xenc:EncryptionProper W3C中的EncryptionMethodType指定了EncryptionMethod曰在加密元素中應(yīng)出現(xiàn)可選的EncryptionMethod信息，其數(shù)值應(yīng)符合IANA的規(guī)定(見第8章)?！?009/xmlencll#aes128-gc——2009/xmlencll#aes192-gc——2009/xmlencl1#aes256-gc三三如果EncryptedDataType中的KeyInfo元素不存在，則SignatureKeyInfo元素的值應(yīng)用于加G身Signature元素的結(jié)構(gòu)定義采用了W3C定義的Si==[ia..方法應(yīng)是推薦的方法之一：/TR/2001/REC-xml-cl4n-20010315#WithCom-(/assignments/xml-security-uris/xml-se——2001/04/xmldsig-more#hmac-sha25——2001/04/xmldsig-more#hmac-sha38——2001/04/xmldsig-more#hmac-sha51●不應(yīng)聲明ReferenceType的轉(zhuǎn)換Transforms信息；---2001/04/xmldsig-more#sha224;中中 2001/04/xmldsig-more#s(elementname="DigestValue"type="ds:DigestValueType"(simpleTypename="DigestValueType"><restrictionbase="base64Binary"/>圖22。NameSeqTypeName元素是xs:string類型。<?xmlversion="1.0"encoding<Q1:IEC62351-11xmlns:Q1="http://www.iec.ch/2014/01/62351-11#"/2000/09/xmldsxmlns:enc="/2001/04/xmlns:xsi="/2001/XMLSchema-xsi:schemaLocation="http://www.iec.ch/2014/01/62351-11#file:///C:/User《Q1:DateTimeOfEncapsulation>2014-04-14T21:32:52</Q1:DateTim《Q1:Filedesc>ExampleIEC62351-11n(Q1:Nonce>85343410947jgfa8312b<Q1:XPATH>//cim:PowerTransformer[@rdf:ID='TZZ0568422124574'](</Q1:AcessControllnfo<rdf:RDFxmlns:rdf="/1999/02/22-rdf-syntax-ns#cim="http://iec.ch/TC57/2009/CIM-s<cim:PowerTransformerrdf:ID="_T_Z0568311_Z<cim:IdentifiedO>UNKNOWN</cim:IdentifiedO)<cim:Equipment.MemberOf_EquipmentContainerrdf:resource="#S<cim:BaseVoltagerdf:ID="<cim:BaseVoltage.nominalVoltage>500</cim:BaseVoltage.n<cim:IdentifiedO>500</cim:Identified<cim:SubGeographicalRegionrdf:ID<cim:IdentifiedO)XX(/cim:Identified<cim:SubGeographicalRegion.Regionrdf:resourc<cim:ControlAreardf:ID="_CA_X"><cim:IdentifiedO>ControlArea_XX</cim:<cim:ControlAInterchange>0</cim:ControlArea,net<cim:ControlArea.pTolerance>0</cim:ControlArea<cim:Substationrdf:ID="_S_10000<cim:IdentifiedO>SUBSTATION_2</cim:Identifie<ds:CanonicalizationMethodAlgorithm="/TR/2001/REC-xml-<ds:SignatureMethodAlgorithm="2001/04/xmldsig-more#hmac-sha256"><ds:HMACOutputLength>128</ds:HMACOutp<ds:DigestMethodAlgorithm="2001/04/xmldsig-more#sha384"></ds:DigestMethod>(ds:SignatureValue)dGhpcyBpcyBub3QgYSBzaWduYXR1cmUK</d<ds:X509SerialNumber></ds:X509Seri<?xmlversion="1.0"encoding="<Q1:IEC62351-11xmlns:nl=/samplexml/other-namespaceQ1="http://www.iec.ch/2014/0xmlns:ds="/2000/09/xmldsig#"xmlns:enc="/xmlns:xsi="/2001/XMLSchema-xsi:schemaLocation="http://www.iec.ch/2014/01/62351-11#file:///C:/Us<Q1:EncryptedType="/2001/04/xmlenc#Element"><enc:EncryptionMethodAlgorithm="2009/xmlencl1#aes128TWFulGlzIGRpc3RpbmdlaXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZIHNpbmdlbGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3adGhlIG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGdWVkIGFuZCBpbmRIZmF?aWdhYmxlIGdlbmVyYXRpb24gb2Yga25vZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhAlgorithm="/TR/2001/R<ds:SignatureMethodAlgorithm="2001/04/xmldsig-more#hmac-sha256")(ds:HMACOutputLength>128</ds:HMAC<ds:DigestMethodAlgorithm="2001/04/xmldsig-more#sha384"></ds:DigestMethod><ds:DigestValue)dGhpcyBpcyBub3QgYSBzaWduYXR1cmUK</ds:D<ds:SignatureValue>dGhpcyBpcyBub3QgYSBzaWduYXR1cmUK</ds:Sign<ds:X509IssuerName>IEC(/ds:X509Iss<ds:X509SerialNumber>0123</ds:X509Seria為了提供與IEC62351(所有部分)中其他部分相同的安全性/類似的加密算法選擇(尤其是IEC62351-3中TLS的協(xié)議集),推薦的加密算法標(biāo)記為粗體，請(qǐng)注意，本推薦不宜限制更強(qiáng)算法的2000/09/xmldsig#base64Transform2000/09/xmldsig#DSAKeyValueRetriev2000/09/xmldsig#enveloped-signatureTransform2000/09/xmldsig#hmac-shalSignatureMethod2000/09/xmldsig#MgmtDataRetrievaltype2000/09/xmldsig#PGPDataRetri2000/09/xmldsig#rawX509CertificateRetrieval2000/09/xmldsig#RSAdRetrievaltype2001/04/xmldsig-more#2001/04/xmldsig-more#camell2001/04/xmldsig-more#camell2001/04/xmldsig-more#camell2001/04/xmldsig-more#ec2001/04/xmldsig-more#ecds2001/04/xmldsig-more#ecds2001/04/xmldsig-more#ecds2001/04/xmldsig-more#es2001/04/xmldsig-more#esig2001/04/xmldsig-more#esig2001/04/xmldsig-more#esig2001/04/xmldsig-more#esig2001/04/xmldsig-more#2001/04/xmldsig-more#hmac-SignatureMethod[RFC6931],sectSignatureMethod[RFC6931],secti 2001/04/xmldsig-more#hma2001/04/xmldsig-more#hma2001/04/xmldsig-more#hma2001/04/xmldsig-more2001/04/xmldsig-more#2001/04/xmldsig-more#kw-ca2001/04/xmldsig-more#kw-ca2001/04/xmldsig-more#kw-ca2001/04/xmldsig-more#PKCS7signedDataRetrievaltype[RFC6931],section3.22001/04/xmldsig-more#psec-kemEncryptionMethod2001/04/xmldsig-more#rawPGPK2001/04/xmldsig-more#rawPKCS7s2001/04/xmldsig-more#raw2001/04/xmldsig-more#ra2001/04/xmldsig-more#RetrieRetrievaltypeRetrievaltypeRetrievaltype2001/04/xmldsig-moreSignatureMethod[RFC6932001/04/xmldsig-more#rsSignatureMethod[RFC6931],2001/04/xmldsig-more#rsSignatureMethod[RFC6931],sect2001/04/xmldsig-more#rsa-rSignatureMethod[RFC6932001/04/xmldsig-morDigestAlgorithm[RFC6931],section2.1.22001/04/xmldsig-mor2001/04/xmldsig-mor2001/04/xmldsig-more#PK1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendat2001/04/xmlenc#aes192-cb1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation242001/04/xmlenc#aes256-cbcEncryptionMethod["XMLEncryptionSyntaxandProc1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation241"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation24Ja1"],D.Eastlake,J.Reagle,F.Hirsch,T.Ro2001/04/xmlenc#kw-aes192EncryptionMethod["XMLEncryptionSyntax1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation241"],D.Eastlake,J.Reag2001/04/xmlenc#ripemd160DigestAlgorithm["XMLEncryptionSyntaxandProcessingVersion1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation2001/04/xmlenc#rsa-1_5EncryptionMethod["XMLEncryptionSyntaxandPr1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecomm2001/04/xmlenc#rsa-oaep-mgflpEncryptionMethod["XMLEncryptionSyntaxansion1.1"],D.Eastlake,J.Reagle,F.HirD.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRe2001/04/xmlenc#sha512DigestAlgorithm["XMLEn1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation24Ja2001/04/xmlenc#tripledes-cbc1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation24Jan2013.["XML-SignatureXPathFilter2.0"],J.Boyer,M.Huges,J.Reagle,8November2002.2002/06/xmldsig-filter2Transform["XMLPathglund,S.Boag,D.Chamberlin,M.Fernandez,M.Kay,J.Robie,J.Simeon,W3CRecommend2002/07/decrypt#XMLTransform["DecryptionTran2002/07/decrypt#BinarHughes,T.Imamura,H.Maruyama,W3CRecommendation10December2002.2006/12/xmlc12nll#Canonicalization["CanonicalXML2006/12/xmlc14nll#WithCommentBoyer,G.Marcy,W3CRecommendation2May2008.2007/05/xmldsig-more#ecdsa-ripemd160SignatureMet2007/05/xmldsig-more#ecdsa-whirlpoolSignatureMethod[R2007/05/xmldsig-more#kw-seed128EncryptionMethod[R2007/05/xmldsig-more#md2-rsa-MGF1SignatureMethod[RFC6931],section2007/05/xmldsig-more#md5-rsa-MGF1SignatureMethod[RFC6931],section2007/05/xmldsig-more#MGF1SignatureMet2007/05/xmldsig-more#ripemd128-rsa-MGF1SignatureMethod[RFC6931],secti2007/05/xmldsig-more#ripemd160-rsa-MGF1SignatureMethod[RFC6931],secti2007/05/xmldsig-more#rsa-pssSignatureMethod[RFC6931],section2.3.92007/05/xmldsig-more#rsa-sha224SignatureMethod[RFC62007/05/xmldsig-more#rsa-whirlpoolSign2007/05/xmldsig-more#seed128-cbcEncryptionMethod[RFC6931],section2.6.52007/05/xmldsig-more#shal-rsa-MGF1SignatureMethod[RFC6931],sectio2007/05/xmldsig-more#sha224-rsa-MGF1SignatureMetho2007/05/xmldsig-more#sha256-rsa-MGF1SignatureMetho2007/05/xmldsig-more#sha3-224DigestAlgorithm[RFC692007/05/xmldsig-more#sha3-224-rsa-MGF1SignatureMethod[RFC6931],section2.3.102007/05/xmldsig-more#sha3-256DigestAlgorithm[RFC692007/05/xmldsig-more#sha3-256-rsa-MGF1SignatureMethod[RFC6931],section2.3.102007/05/xmldsig-more#sha3-384DigestAlgorithm[RFC692007/05/xmldsig-more#sha3-384-rsa-MGF1SignatureMethod[RFC6931],section2.3.102007/05/xmldsig-more#sha3-512DigestAlgorithm[RFC692007/05/xmldsig-more#sha3-512-rsa-MGF1SignatureMethod[RFC6931],section2.3.102007/05/xmldsig-more#sha384-rsa-MGF12007/05/xmldsig-more#sha512-rsa-MGF12007/05/xmldsig-more#whirlpoolDigestAlgorithm[RFC6931],section2007/05/xmldsig-more#whirlpool-rsa-MGF1SignatureMethod[RFC6931],section2.32009/xmlencll#kw-aes-128-padEncryptionMethod["XVersion1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed2009/xmlencll#kw-aes-192-padEnVersion1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecomme2009/xmlencl1#kw-aes-25Version1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommend2009/xmldsigll#dsa-sha256SignatureMethodRetrievaltypeSolo,F.Hirsch,M.Nystrom,T.Roessler,K.2009/xmldsigll#DEREncodedKeyValueRetrievaltypeRoessler,K.Yiu,ProposedRec2009/xmlencll#aes128-gcmEncryptionMet1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed2009/xmlencll#aes192-gcmEncryptionMet1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed2009/xmlencll#ConcatKDFEncryptionMethod["XMLEncrypt1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation24January2009/xmlencll#mgflsha224SignatureMethod["XMLEncryptionSy1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed2009/xmlencll#mgflsh1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed2009/xmlencll#mgflsha384SignatureMethod["XMLEncryptionSy1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed2009/xmlencll#mgflsha512SignatureMethod["XMLEncryptionSyn1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedRecommendation24January2009/xmlencl1#rsa-oaep1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedR2009/xmlencll#ECDH-E1.1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,Proposed1"],D.Eastlake,J.Reagle,F.Hirsch,T.Roessler,ProposedR2010/xmlsec-ghc#generic-hybridGenericHybrid["XMLSecuriNystrom,F.H