Calendaring Extensions | R. Tse |
Internet-Draft | P. Tam |
Updates: | Ribose |
5545,6321,6350,6351,7953,7265,7 | April 19, 2018 |
095 (if approved) | |
Intended status: Standards Track | |
Expires: October 21, 2018 |
Integrity Protection for vObject, vCard and iCalendar
draft-calconnect-vobject-integrity-01
This document specifies an integrity checking mechanism and related properties for:
This work is produced by the CalConnect TC-VCARD and TC-CALENDAR committees.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 21, 2018.
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The ubiquitous vCard and iCalendar standards, also known together as the "vObject" family of standards [I-D.calconnect-vobject-vformat], powers digital contact exchanges, calendaring and scheduling on billions of devices today.
Integrity 2.1.2 is a key property of "information security" defined as the "preservation of confidentiality, integrity and availability of information" 2.33. When provided with a vObject, however, there is no inherent method to detect its own data integrity.
In reality, people are known to exchange vCard and iCalendar data through unreliable means, which could affect data integrity during its data lifecycle:
Previous standards were established in a time where integrity concerns were less widespread, and relied solely on data transport, application and storage integrity without considering on whether the content transmitted, processed or retrieved was as intended without modification or corruption.
This document specifically deals with information integrity in face of the following risks:
The standards subject to such risks include:
This document provides:
Organizations that implement information security management systems, such as [ISO-IEC-27001], MAY find this document applicable to their own processes.
The decision to update the existing vCard version 4 [RFC6350] and iCalendar [RFC5545] standards were chosen to maintain maximum backwards compatibility.
This work is produced by the CalConnect TC-VCARD [CALCONNECT-VCARD] and TC-CALENDAR [CALCONNECT-CALENDAR] committees.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
The key words "Private Use", "Experimental Use", "Hierarchical Allocation", "First Come First Served", "Expert Review", "Specification Required", "RFC Required", "IETF Review", "Standards Action" and "IESG Approval" in this document are to be interpreted as described in 4.
The definitions from [I-D.calconnect-vobject-vformat] are inherited in this document unless explicitly overriden.
These functions are REQUIRED and MUST be implemented for compliance to this document.
Sorts an list according to alphabetical order (A-Z).
This function returns a Unicode string (7) containing a string representation of a list of string values, each followed by a selected delimiter character.
LIST-TO-TEXT(list, delimiter) = value(list, 1) + delimiter + value(list, 2) + delimiter + ... value(list, last-element-position(list))
where: * + indicates concatenation; * value(l, i) is the i-th value in the list l in string representation; * last-element-position(a) returns the last element position of list l.
This function returns a Unicode string (7) representation of the normalized property parameter key.
PREPHASH-PROPERTY-PARAMETER-KEY(parameter) = normalize(key(parameter))
where: * + indicates concatenation; * key(parameter) is the property parameter key; * normalize(s) is a function that normalizes the key s.
This function returns a Unicode string (7) representation of the normalized property parameter values.
PREPHASH-PROPERTY-PARAMETER-VALUES(parameter) = LIST-TO-TEXT( SORT( values(parameter, 1), values(parameter, 2), ... ), ";" )
where: * + indicates concatenation; * values(parameter, i) is the i-th property parameter value in parameter.
Converts a property parameter into a string, with its key and values.
This function returns a Unicode string (7) containing a sequence of zero or more list values in string format, each followed by a ';' character.
PREPHASH-PROPERTY-PARAMETER(parameter) = "{" + PREPHASH-PROPERTY-PARAMETER-KEY(property) + ":" + PREPHASH-PROPERTY-PARAMETER-VALUES(property) + "}"
where: * + indicates concatenation.
This function returns a Unicode string (7) representation of a set of property parameters.
We exclude the VALUE property parameter in this calculation (such as VALUE=TEXT) as this information is represented in PREPHASH-PROPERTY-VALUE-HASHA.
PREPHASH-PROPERTY-PARAMETERS(property) = "#" + LIST-TO-TEXT( SORT([ PREPHASH-PROPERTY-PARAMETER(parameter(property, 1)), PREPHASH-PROPERTY-PARAMETER(parameter(property, 2)), ... ]), ";" )
where: * + indicates concatenation; * parameters(property, i) is the i-th parameter of property.
This function returns a Unicode string (7) representation of the normalized property key.
PREPHASH-PROPERTY-KEY(property) = normalize(key(property))
where: * + indicates concatenation; * key(property) is the property key; * normalize(s) is a function that normalizes the key s.
This function returns a Unicode string (7) representation of the normalized property value type. Since the property value type is represented here, we exclude the VALUE property parameter in PREPHASH-PROPERTY-PARAMETERS (such as VALUE=TEXT)
PREPHASH-PROPERTY-VALUE-HASHA(property) = UPCASE(type(property))
where: * + indicates concatenation; * type(property) is the property value type, if not explicitly provided, it should be filled in according to [RFC6350]; * normalize(s) is a function that normalizes the property value type s.
This function returns a Unicode string (7) representation of the normalized property values.
Certain content types allow storing multiple values (as a list) in the same property line. For example, in the ADR and N properties, values are separated by the ";" delimiter, while in NICKNAME and CATEGORIES they are separated by the "," delimiter 3.3.
PREPHASH-PROPERTY-VALUES(property) = LIST-TO-TEXT( SORT( values(property, 1), values(property, 2), ... ), ";" )
where: * + indicates concatenation; * values(property, i) is the i-th property value in property.
This function returns a Unicode string (7) representation of a single property.
PREPHASH-PROPERTY(property) = PREPHASH-PROPERTY-KEY(property) + ":" + PREPHASH-PROPERTY-VALUE-HASHA(property) + "/" + PREPHASH-PROPERTY-VALUES(property) + "?" + PREPHASH-PROPERTY-PARAMETERS(property)
where: * + indicates concatenation
This function returns a Unicode string (7) representation of a single property.
HASH-PROPERTY-TO-TEXT(property) = PREPHASH-PROPERTY-KEY(property) + ":" + HASH(PREPHASH-PROPERTY(property)
where: * + indicates concatenation
This function returns a Unicode string (7) representation of a set of properties.
HASH-AND-PREPHASH-PROPERTIES(properties) = LIST-TO-TEXT( SORT([ HASH-PROPERTY(property(properties, 1)), HASH-PROPERTY(property(properties, 2)), ... ]), CRLF )
where: * + indicates concatenation; * property(properties, i) is the i-th property of properties; * HASH(s) is selected cryptographic hash function applied to string s.
This function returns a Unicode string (7) representation of the normalized vObject name.
PREPHASH-COMPONENT-NAME(component) = normalize(name(component))
where: * name(c) is the component name of component c.
This function returns a Unicode string (7) representation of a vObject. The similarity of this representation with the vObject structure is intentional for readability purposes.
PREPHASH-COMPONENT(component) = "BEGIN:" + PREPHASH-COMPONENT-NAME(component) + ":CHECKSUM" + CRLF + HASH-AND-PREPHASH-PROPERTIES(properties(component)) + CRLF + "END:" + PREPHASH-COMPONENT-NAME(component) + ":CHECKSUM"
where: * + indicates concatenation; * properties(c) returns the properties of the component c in an list;
This function returns a Unicode string (7) as the output of a selected cryptographic hash function applied on a vObject.
HASH-COMPONENT(component) = HASH(PREPHASH-COMPONENT(component))
This function returns the calculated hash of an input string and outputs the hash in string representation.
HASH(string) = generate-hash-function( selected-hash-function, selected-hash-parameters )(string)
where: * generate-hash-function(a, p) creates a new cryptographic hash function that uses the hash algorithm a with algorithm parameters p which takes a string input and generates the hash using a string output; * selected-hash-function is the selected cryptographic hash algorithm selected by the user (and/or CUA); * selected-hash-parameters are the selected parameters for the selected cryptographic hash function by the user (and/or CUA), and could be different per algorithm.
Property cardinalities are indicated in the same method as provided by [RFC6350] based on ABNF 3.6.
These registration details for the CHECKSUM property adhere to rules specified in 10.2.1.
Nil.
CHECKSUM
Allows content integrity detection and verification against data corruption of a vObject.
A single text value.
*
HASHA, HASHP
TEXT
CHECKSUM is an OPTIONAL property of a vObject. There can be multiple CHECKSUM properties within the same vObject. vObject client implementations are RECOMMENDED to implement CHECKSUM for a basic level of integrity guarantee.
The CHECKSUM value used to compare the checksum of data should be selected in this way:
ABNF:
CHECKSUM-param = "VALUE=text" CHECKSUM-param = pid-param / pref-param / altid-param / checksum-param-hasha / checksum-param-hashp / iana-token CHECKSUM-value = TEXT ; Value type and VALUE parameter MUST match.
CHECKSUM: ad58ca4f14b317dea48987f4991bdcd56fdf0f6a95049623f0fe5c4453d157e0 CHECKSUM;PREF=99: 3ac0e03cccda6663ed32052749cc5c607d88e381f9cfcb795317bc39a57909e3 CHECKSUM;HASHA=sha224: 22e92efac9d7b0e63695a9d960376ace1e69eb317e3d42c5c94f1401
The CHECKSUM allowed property parameters of PID, PREF, ALTID have the same meaning as on other properties [RFC6350].
The PREF property parameter indicates the preference of the vCard author on which CHECKSUM value to put most weight on.
Usage of this parameter is further explained in Section 7.
Registration details for the HASHA property parameter adhere to rules specified in 10.2.1
Nil.
HASHA
Specify the hash function used for the property value
Possible values are defined in Section 14.3.
The HASHA Property Parameter MUST not be applied on properties other than CHECKSUM unless specified.
New HASHA hash functions MUST be specified in a Standards Track RFC.
ABNF:
hasha-param = "HASHA=" hasha-value *("," hasha-value) hasha-value = "sha3-256" / iana-token / x-name ; This is further defined in <<checksum_functions>>
CHECKSUM;HASHA=sha384: 4055b176af753e251bc269007569c8f9633e6227a5f9727381cfba0bbb44a0c9 25b8d31d72083d9cb4dc1da278f3a4e4
CHECKSUM;HASHA=streebog256: TODO
Certain hash functions such as extendable output functions (XOFs) can be customized:
Since each hash function may take different specifiers, each hash function identifier MAY specify its own set of HASHP specifiers in a particular order. The parameter value(s) entered MUST conform to the hash function’s specification in a Standards Track RFC. An implementation MUST follow the value type interpretation specified for the hash function.
For example, in Section 9.1.1, the cSHAKE-128 algorithm (with the identifier cshake128) takes (L, N, S) as input, where L is an integer to specify the output bit length, N is a text string representing the function name, S is a text string for customization purposes. When given a HASHP parameter value "512,address book,Orange", for the HASHA identifier cshake128, the implementation MUST recognize that L is the integer 512, N is the string "address book", and S is the string "Orange".
Registration details for the HASHP property parameter adhere to rules specified in 10.2.1
Nil.
HASHP
Describe hash function specifiers used for the property value.
Provide specifiers for the HASHA hash function used to calculate the property value.
Possible values are defined in Section 14.4.
The HASHP Property Parameter MUST not be applied on properties other than CHECKSUM unless specified.
ABNF:
hashp-param = "HASHP=" hashp-value *("," hashp-value) hashp-value = param-value ; This list of values must be specified in the exact order and value type defined in <<supported_table>>
Example(s):
CHECKSUM;HASHA=shake128;HASHP=512,"Directory Service Identifier": TODO
CHECKSUM;HASHA=parallelhash128;HASHP=64,512: TODO
Data integrity is important during storage and transmission of a vObject.
If an implementation stores vObjects directly on disk or in memory, it is RECOMMENDED that:
An implementation that supports CHECKSUM MUST adhere to the following rules:
There are 3 validity states of a vObject:
Given one CHECKSUM property, an implementation that supports the CHECKSUM property SHOULD reach the following conclusions about the vObject:
If a vObject has more than one non-empty CHECKSUM property, an implementation should validate according to the rules below.
The following method to calculate CHECKSUM is devised for these desired properties:
For implementations that handle CHECKSUM, its calculation MUST be performed after all property updates including REV, which is often updated during save.
Steps to calculate CHECKSUM:
The CHECKSUM value is calculated by a chosen cryptographic hash function specified in the HASHA property parameter. Certain hash functions accept customization specifiers, which can be specified in the HASHP property parameter.
CHECKSUM supports the following hash algorithms.
CHECKSUM supported hash algorithms are listed in the following table.
Algorithms with no specifiers:
Algorithm | Identifier | Message Digest Size (bits) | Description |
---|---|---|---|
SHA-2 SHA-224 | sha224 | 224 | [RFC6234]; [NIST-FIPS-180-4]; [ISO-IEC-10118-3] Dedicated Hash-Function 8 (SHA-224) |
SHA-2 SHA-256 | sha256 | 256 | [RFC6234]; [NIST-FIPS-180-4]; [ISO-IEC-10118-3] Dedicated Hash-Function 4 (SHA-256) |
SHA-2 SHA-384 | sha384 | 384 | [RFC6234]; [NIST-FIPS-180-4]; [ISO-IEC-10118-3] Dedicated Hash-Function 6 (SHA-384) |
SHA-2 SHA-512 | sha512 | 512 | [RFC6234]; [NIST-FIPS-180-4]; [ISO-IEC-10118-3] Dedicated Hash-Function 5 (SHA-512) |
SHA-2 SHA-512/224 | sha512-224 | 224 | [NIST-FIPS-180-4]; [ISO-IEC-10118-3] Dedicated Hash-Function 9 (SHA-512/224) |
SHA-2 SHA-512/256 | sha512-256 | 256 | [NIST-FIPS-180-4]; [ISO-IEC-10118-3] Dedicated Hash-Function 10 (SHA-512/256) |
WHIRLPOOL | whirlpool | 512 | [WHIRLPOOL]; [ISO-IEC-10118-3] Dedicated Hash-Function 7 (WHIRLPOOL) |
STREEBOG-256 | streebog256 | 256 | [STREEBOG] GOST R 34.11-2012; [RFC6986]; [ISO-IEC-10118-3] Dedicated Hash-Function 12 (STREEBOG-256) |
STREEBOG-512 | streebog512 | 512 | [STREEBOG] GOST R 34.11-2012; [RFC6986]; [ISO-IEC-10118-3] Dedicated Hash-Function 11 (STREEBOG-512) |
SHA3-224 | sha3-224 | 224 | [NIST-FIPS-202]; [ISO-IEC-10118-3] Dedicated Hash-Function 13 (SHA3-224) |
SHA3-256 | sha3-256 | 256 | [NIST-FIPS-202]; [ISO-IEC-10118-3] Dedicated Hash-Function 14 (SHA3-256) |
SHA3-384 | sha3-384 | 384 | [NIST-FIPS-202]; [ISO-IEC-10118-3] Dedicated Hash-Function 15 (SHA3-384) |
SHA3-512 | sha3-512 | 512 | [NIST-FIPS-202]; [ISO-IEC-10118-3] Dedicated Hash-Function 16 (SHA3-512) |
SM3 | sm3 | 512 | <<?I-D.shen-sm3-hash>>; [SM3]; [ISO-IEC-10118-3] Dedicated Hash-Function 17 (SM3) |
IANA registered hash algorithm | iana-token | iana-token | IANA |
Vendor-specific hash algorithm | x-token | Vendor specific | Vendor specific |
Algorithms with specifiers:
Algorithm | Identifier | Message Digest Size (bits) | Specifier(s) | Description |
---|---|---|---|---|
SHAKE-128 | shake128 | Varys | L: integer (default: 256) | [NIST-FIPS-202] |
SHAKE-256 | shake256 | Varys | L: integer (default: 512) | [NIST-FIPS-202] |
cSHAKE-128 | cshake128 | Varys | L: integer (default: 256), N: text (default: ""), S: text (default: "") | [NIST-SP-800-185] |
cSHAKE-256 | cshake256 | Varys | L: integer (default: 512), N: text (default: ""), S: text (default: "") | [NIST-SP-800-185] |
ParallelHash-128 | parallel128 | Varys | B: integer (default: 64), L: integer (default: 256), S: text (default: "") | [NIST-SP-800-185] |
ParallelHash-256 | parallel256 | Varys | B: integer (default: 64), L: integer (default: 256), S: text (default: "") | [NIST-SP-800-185] |
IANA registered hash algorithm | iana-token | iana-token | iana-token | IANA |
Vendor-specific hash algorithm | x-token | Vendor specific | Vendor specific | Vendor specific |
sha3-256('BEGIN:VCARD') = "f1fcbc9bddcd44b1e50db99a277bc868" + "61736eb32cb30ef7e7a2c9ef95c05d50"
The default algorithm is sha3-256. An implementation that supports this document MUST support at least the sha3-256 function.
Secure Hash Algorithm 2 (SHA-2) is a family of secure hash algorithms defined in [NIST-FIPS-180-4]: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256.
WHIRLPOOL is a hash function that operates on messages less than 2^256 bits in length, and produces a hash value of 512 bits [WHIRLPOOL].
It uses Merkle-Damgard strengthening and the Miyaguchi-Preneel hashing scheme with a dedicated 512-bit block cipher called W [WHIRLPOOL].
SM3 is a hash function <<?I-D.shen-sm3-hash>> standardized by the Chinese Commercial Cryptography Administration Office [SM3] for the use of electronic authentication service systems.
SM3 is an iterated hash function based on a Merkle-Damgard design, processes on 512-bit input message blocks with a 256-bit state, and produces a 256-bit hash value.
Secure Hash Algorithm-3 (SHA-3) is a family of hash functions defined in [NIST-FIPS-202] consisting of:
Each SHA-3 function is based on an instance of the KECCAK algorithm [KECCAK] which won the SHA-3 Cryptographic Hash Algorithm Competition [NIST-FIPS-202].
Notes concerning SHA-3 based XOFs [NIST-FIPS-202]:
Streebog (or Stribog) is a family of two separate hash functions defined in the Russian standard GOST R 34.11-2012 [STREEBOG] where the functions differ in their output lengths, which are 256- and 512-bits respectively.
Streebog accepts message block sizes of 512-bits, and both functions only differ in the different IVs used other than the output length [STREEBOG].
BLAKE2, described in [BLAKE2] and [RFC7693], is a hash algorithm that comes in two flavors, BLAKE2b and BLAKE2s. It is the successor of BLAKE [BLAKE] which was a NIST SHA-3 competition finalist.
While BLAKE2 allows customizing parameters, including salt and a customization string, implementations that adhere to this specification should adopt BLAKE2 as defined in [RFC7693].
[NIST-SP-800-185] defines a number of additional hash algorithms based on algorithms defined in [NIST-FIPS-202], including:
Both cSHAKE and ParallelHash are XOFs that can produce variable length output. The number suffix at their names mean the security strength bits of the algorithm.
For our purposes we specify the following strength families of hash algorithms. Hash functions placed in the higher bracket are considered "more resistant" in algorithm selection.
Strength | Hash Function Identifier |
---|---|
1 | sha224, sha256, sha384, sha512, sha512-224, sha512-256 |
2 | whirlpool, streebog256, streebog512 |
3 | blake2b256, blake2b384, blake2b512, blake2s224, blake2s256, sm3, shake128, shake256, sha3-224, sha3-256, sha3-384, sha3-512 |
Selection of the hash function should be based on a balance of collision resistance, performance, history and interoperability.
The following hash functions are specifically excluded due to stated reasons:
CardDAV servers are RECOMMENDED to calculate and provide an extra CHECKSUM property for al vCard retrieval requests in order to provide a base level of integrity guarantee.
The CHECKSUM property and its parameters are fully compatible with the CardDAV mechanism described in [RFC6352].
6.3.2 specifies how to create address object resources.
An implementation abiding to this specification MUST augment this process according to the following.
This specification creates an additional precondition and postcondition for the PUT, COPY, and MOVE methods when:
(CARDDAV:valid-address-data-checksum) The address object resource submitted in the PUT request, or targeted by a COPY or MOVE request, contains a CHECKSUM property:
Certain servers perform silent changes or cleanups of client provided vCard data when stored as address object resources, such as the order of property parameters or scrubbed values.
The resulting vCard data stored on the server (and when returned back to the client) may end up different than that of the client without its knowledge. It is therefore necessary for the client to be reported on such modifications.
(CARDDAV:resource-not-modified): The address object resource should not be modified by the server such that its original CHECKSUM value becomes invalid.
The CalDAV [RFC4791] calendar access protocol allows clients and servers to exchange iCalendar data. iCalendar data is typically stored in calendar object resources on a CalDAV server.
A CalDAV server is RECOMMENDED to return iCalendar data with integrity protection.
A CalDAV client typically updates the calendar object resource data via an HTTP PUT request, which requires sending the entire iCalendar object in the HTTP request body.
iTIP [RFC5546] defines how iCalendar data can be sent between calendar user agents to schedule calendar components between calendar users.
This specification is compatible with iTIP transfer of iCalendar data.
The XML representation [RFC6351] of the CHECKSUM property follows the example shown below. For this property, the value type MUST be set to "text" and parameter "type" MUST also be set to "text".
<checksum> <parameters> <hasha> <text>sha224</text> </hasha> <pref> <integer>99</integer> </pref> </parameters> <text>22e92efac9d7b0e63695a9d960376ace1e69eb317e3d42c5c94f1401</text> </checksum>
The JSON representation of the CHECKSUM property follows [RFC7095] as the example shown below.
["checksum", { "hasha": "sha224", "pref": "99" }, "text", "22e92efac9d7b0e63695a9d960376ace1e69eb317e3d42c5c94f1401" ]
Updating of the CHECKSUM property value should not affect the REV value of a vCard. However, if a CHECKSUM property is newly inserted, or its parameters changed (such as HASHA or HASHP), then the REV value should be updated according to [RFC6350].
Implementers MUST ignore individual parameter value types in xCard (6, Appendix A 4.1) during CHECKSUM value calculation to be compatible with vCard and jCard, as individual parameter value types are implicit (not explicitly represented) in both vCard and jCard properties.
If an implementation does not support the CHECKSUM property, it MUST ignore the CHECKSUM property entirely without providing it any value. If an incorrect value is provided, the receiving end of this vObject may falsely assume that the vObject is broken.
The IANA has created and will maintain the following registries under the heading "vObject Common Elements".
The registry policy is Specification Required; any newly proposed specification MUST be reviewed by the designated expert.
This section defines the process for registering new or modified hash functions and hash function specifiers with IANA.
The IETF mailing lists for vObject (vobject@ietf.org), CardDAV (vcarddav@ietf.org) and CalDAV (vcaldav@ietf.org) SHOULD be used for public discussion of additional hash functions and hash function specifiers for the CHECKSUM property prior to registration.
The registration procedure specified in [RFC6350] should be followed to register additional hash functions and hash function specifiers for vObjects.
The registry policy is Specification Required; any newly proposed registration MUST be reviewed by the designated expert.
The registry SHOULD contain the following note:
Note: Experts are to verify that the proposed registration *SHOULD* provide benefits for the wider vObject community, and provides a publicly-available standard that can be implemented in an interoperable way. Hash functions are preferrably approved by the CFRG with references to IETF-published documents. The "Reference" value should point to a document that details the implementation of this hash function in the vObject context.
A Hash Function is defined by completing the following template.
The following table has been used to initialize the Hash Functions registry.
The registry policy is Specification Required; any newly proposed registration MUST be reviewed by the designated expert.
The registry SHOULD contain the following note:
Note: Experts are to verify that the proposed registration *SHOULD* provide benefits for the wider vObject community, and provides a publicly-available standard that can be implemented in an interoperable way. Hash function specifiers are preferrably approved by the CFRG with references to IETF-published documents. The "Reference" value should point to a document that details the implementation of this hash function in the vObject context.
The "Specifier(s)" column in the registry SHOULD adhere to the following format:
ABNF:
specifier = specifier-tuple *("," specifier-tuple) specifier-tuple = specifier-key ": " specifier-value-type + "(default: " specifier-description ")" specifier-key = text specifier-value-type = value-type specifier-description = text
A Hash Function Specifier is defined by completing the following template.
The following table has been used to initialize the Hash Function Specifier registry.
ID | Order | Description | Value Type | Example(s) |
---|---|---|---|---|
shake128 | 1 | L: output bit length | integer | Appendix A.2.19 |
shake256 | 1 | L: output bit length | integer | Appendix A.2.20 |
cshake128 | 1 | L: output bit length | integer | Appendix A.2.21 |
cshake128 | 2 | N: function-name | text | Appendix A.2.21 |
cshake128 | 3 | S: customization string | text | Appendix A.2.21 |
cshake256 | 1 | L: output bit length | integer | Appendix A.2.22 |
cshake256 | 2 | N: function-name | text | Appendix A.2.22 |
cshake256 | 3 | S: customization string | text | Appendix A.2.22 |
parallel128 | 1 | B: block size in bytes | text | Appendix A.2.23 |
parallel128 | 2 | L: output bit length | integer | Appendix A.2.23 |
parallel128 | 3 | S: customization string | text | Appendix A.2.23 |
parallel256 | 1 | B: block size in bytes | text | Appendix A.2.24 |
parallel256 | 2 | L: output bit length | integer | Appendix A.2.24 |
parallel256 | 3 | S: customization string | text | Appendix A.2.24 |
This document defines the following new properties to be added to the registries defined in:
Property | Status | Reference |
---|---|---|
CHECKSUM | Current | This document: Section 5.1 |
This document defines the following new property parameters to be added to the registries defined in:
Parameter | Status | Reference |
---|---|---|
HASHA | Current | This document: Section 6.2 |
HASHP | Current | This document: Section 6.3 |
This document defines the following new parameter values to be added to the registries defined in:
Property | Parameter | Value | Reference |
---|---|---|---|
CHECKSUM | HASHA | sha224 | This document: Section 6.2 |
CHECKSUM | HASHA | sha256 | This document: Section 6.2 |
CHECKSUM | HASHA | sha384 | This document: Section 6.2 |
CHECKSUM | HASHA | sha512 | This document: Section 6.2 |
CHECKSUM | HASHA | sha512-224 | This document: Section 6.2 |
CHECKSUM | HASHA | sha512-256 | This document: Section 6.2 |
CHECKSUM | HASHA | whirlpool | This document: Section 6.2 |
CHECKSUM | HASHA | streebog256 | This document: Section 6.2 |
CHECKSUM | HASHA | streebog512 | This document: Section 6.2 |
CHECKSUM | HASHA | sha3-224 | This document: Section 6.2 |
CHECKSUM | HASHA | sha3-256 | This document: Section 6.2 |
CHECKSUM | HASHA | sha3-384 | This document: Section 6.2 |
CHECKSUM | HASHA | sha3-512 | This document: Section 6.2 |
CHECKSUM | HASHA | sm3 | This document: Section 6.2 |
CHECKSUM | HASHA | blake2b256 | This document: Section 6.2 |
CHECKSUM | HASHA | blake2b384 | This document: Section 6.2 |
CHECKSUM | HASHA | blake2b512 | This document: Section 6.2 |
CHECKSUM | HASHA | blake2s224 | This document: Section 6.2 |
CHECKSUM | HASHA | blake2s256 | This document: Section 6.2 |
CHECKSUM | HASHA | shake128 | This document: Section 6.2 |
CHECKSUM | HASHA | shake256 | This document: Section 6.2 |
CHECKSUM | HASHA | cshake128 | This document: Section 6.2 |
CHECKSUM | HASHA | cshake256 | This document: Section 6.2 |
CHECKSUM | HASHA | parallel128 | This document: Section 6.2 |
CHECKSUM | HASHA | parallel256 | This document: Section 6.2 |
[I-D.calconnect-vobject-vformat] | Tse, R., Tam, P., Daboo, C. and K. Murchison, "The vObject Model and vFormat Syntax", Internet-Draft draft-calconnect-vobject-vformat-00, April 2018. |
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
[RFC5545] | Desruisseaux, B., "Internet Calendaring and Scheduling Core Object Specification (iCalendar)", RFC 5545, DOI 10.17487/RFC5545, September 2009. |
[RFC6321] | Daboo, C., Douglass, M. and S. Lees, "xCal: The XML Format for iCalendar", RFC 6321, DOI 10.17487/RFC6321, August 2011. |
[RFC6350] | Perreault, S., "vCard Format Specification", RFC 6350, DOI 10.17487/RFC6350, August 2011. |
[RFC6351] | Perreault, S., "xCard: vCard XML Representation", RFC 6351, DOI 10.17487/RFC6351, August 2011. |
[RFC6352] | Daboo, C., "CardDAV: vCard Extensions to Web Distributed Authoring and Versioning (WebDAV)", RFC 6352, DOI 10.17487/RFC6352, August 2011. |
[RFC7095] | Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095, DOI 10.17487/RFC7095, January 2014. |
[RFC7265] | Kewisch, P., Daboo, C. and M. Douglass, "jCal: The JSON Format for iCalendar", RFC 7265, DOI 10.17487/RFC7265, May 2014. |
[RFC8126] | Cotton, M., Leiba, B. and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017. |
[RFC8174] | Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017. |
BEGIN:VCARD VERSION:4.0 KIND:individual FN:Martin Van Buren N:Van Buren;Martin;;;Hon. TEL;VALUE=uri;PREF=1;HASHA="voice,home":tel:+1-888-888-8888;ext=8888 END:VCARD
Location of the CHECKSUM property within the VCARD component does not matter as the method of calculation is agnostic with regards to line location of a property.
vCard extended with CHECKSUM property for CHECKSUM calculation at the last line, specifying the sha512 algorithm and value type STRING:
BEGIN:VCARD VERSION:4.0 KIND:individual FN:Martin Van Buren N:Van Buren;Martin;;;Hon. TEL;VALUE=uri;PREF=1;TYPE="voice,home":tel:+1-888-888-8888;ext=8888 CHECKSUM;VALUE=TEXT;HASHA=sha3-256: END:VCARD
PREPHASH-PROPERTY("VERSION:4.0") = "VERSION:TEXT/[4.0]?#[]" PREPHASH-PROPERTY("KIND:individual") = "KIND:TEXT/[individual]?#[]" PREPHASH-PROPERTY("FN:Martin Van Buren") = "FN:TEXT/[Martin Van Buren]?#[]" PREPHASH-PROPERTY("N:Van Buren;Martin;;;Hon.") = "N:TEXT/[Van Buren;Martin;;;Hon.]?#[]" PREPHASH-PROPERTY("TEL;VALUE=uri;PREF=1;HASHA="voice,home":") = "TEL:URI/[tel:+1-888-888-8888;ext=8888]" + "?#[{PREF:[1]};{TYPE:[home;voice]}]" PREPHASH-PROPERTY("CHECKSUM;VALUE=TEXT;HASHA=sha512:") = "CHECKSUM:TEXT/[]?#[{HASHA:[sha512]}]"
HASH("VERSION:TEXT/[4.0]?#[]") = "de2a19b21ce6dbbafd3feedebf7560966242d4af0bac8e380024135809729ba4" HASH("KIND:TEXT/[individual]?#[]") = "25603f59dc07e045b470e3d773da10e2485c078c80f4a048c2e1cbeb678ab406" HASH("FN:TEXT/[Martin Van Buren]?#[]") = "a9124e1bd40c8a2cb4031b4140629e2472046f837dddc379a257d5f6e7bceedd" HASH("N:TEXT/[Van Buren;Martin;;;Hon.]?#[]") = "c11eadabeee1252502ddc6c085e5bd7fd48ae183f50399b953bb78a927172dc5" HASH( "TEL:URI/[tel:+1-888-888-8888;ext=8888]" + "?#[{PREF:[1]};{HASHA:[home;voice]}]" ) = "dc22433d7cb2445dd9f083a1d998ee00e8f2f369f0e18ddb827f8135f0d7b30d" HASH("CHECKSUM:TEXT/[]?#[{HASHA:[sha512]}]") = "65d32764ab8c9fcdd324f24409c65a45529f4a6df5cd070378463a177de04917"
HASH-AND-PREPHASH-PROPERTIES(properties) = LIST-TO-TEXT( [ "CHECKSUM:" + HASH("CHECKSUM:TEXT/[]?#[{HASHA:[sha512];VALUE:[TEXT]}]"), "FN:" + HASH("FN:TEXT/[Martin Van Buren]?#[{VALUE:[TEXT]}]"), "KIND:" + HASH("KIND:TEXT/[individual]?#[{VALUE:[TEXT]}]"), "N:" + HASH("N:TEXT/[Van Buren;Martin;;;Hon.]?#[{VALUE:[TEXT]}]"), "TEL:" + HASH( "TEL:URI/[tel:+1-888-888-8888;ext=8888]?" + "#[{PREF:[1]};{HASHA:[voice;home]};{VALUE:[TEXT]}]" ), "VERSION:" + HASH("VERSION:TEXT/[4.0]?#[{VALUE:[TEXT]}]") ], CRLF )
PREPHASH-COMPONENT(component) = "BEGIN:VCARD:CHECKSUM CHECKSUM:65d32764ab8c9fcdd324f24409c65a45529f4a6df5cd070378463a177de04917 FN:a9124e1bd40c8a2cb4031b4140629e2472046f837dddc379a257d5f6e7bceedd KIND:25603f59dc07e045b470e3d773da10e2485c078c80f4a048c2e1cbeb678ab406 N:c11eadabeee1252502ddc6c085e5bd7fd48ae183f50399b953bb78a927172dc5 TEL:dc22433d7cb2445dd9f083a1d998ee00e8f2f369f0e18ddb827f8135f0d7b30d VERSION:de2a19b21ce6dbbafd3feedebf7560966242d4af0bac8e380024135809729ba4 END:VCARD:CHECKSUM "
HASH-COMPONENT(component) = "212f3486f968df73dc9b9f909e8dfedae866135aeef2ceeaa3393675806960d1"
This is the final checksum of this component using the sha3-256 hash method.
The final vCard:
BEGIN:VCARD VERSION:4.0 KIND:individual FN:Martin Van Buren N:Van Buren;Martin;;;Hon. TEL;VALUE=uri;PREF=1;HASHA="voice,home":tel:+1-888-888-8888;ext=8888 CHECKSUM;VALUE=TEXT;HASHA=sha3-512: 212f3486f968df73dc9b9f909e8dfedae866135aeef2ceeaa3393675806960d1 END:VCARD
input("BEGIN:VCARD") = "22e92efac9d7b0e63695a9d960376ace" + "1e69eb317e3d42c5c94f1401"
input("BEGIN:VCARD") = "99e3e442c1a5cbd115baa26d077c6bbb" + "423310cd4990051d8974c3b2d581c3d4"
input("BEGIN:VCARD") = "4055b176af753e251bc269007569c8f9" + "633e6227a5f9727381cfba0bbb44a0c9" + "25b8d31d72083d9cb4dc1da278f3a4e4"
input("BEGIN:VCARD") = "a2d5b1339599039a7058d8446442f2cb" + "341a149064eacb31fdc410e57e239849" + "88efffc6f15842a6a6ae08fb4d791d2f" + "9dd9dab4cf724f8e75b9fff2c21d3e1c"
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = "6e9ca195e4e87afcc624fa88334088fb" + "71038273b16cb1e47888072c03cfaf79" + "29539375c5ff92fbd82b73924ed60b1d" + "c9bb17bdb1bd2447cf2d3218a356736a"
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = "630d7879cac76d221565dcc335bff595" + "158b3496713910cc92166762"
input("BEGIN:VCARD") = "f1fcbc9bddcd44b1e50db99a277bc868" + "61736eb32cb30ef7e7a2c9ef95c05d50"
input("BEGIN:VCARD") = "2d27f6dccb17bf6da9800386aae4a991" + "cfdebc4f3a971f7d0e5264aa0c7b1394" + "514c2eb5bd724f0702062935de9fd92d"
input("BEGIN:VCARD") = "ceb5ab39356ce3440d99375a3098cfa5" + "20db3d54a3c15184be9f19f6483165e7" + "8769d4cf2e7f0976422ed4856122c957" + "d22a3c4b922b733ccefc802eed753027"
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD") = ""
input("BEGIN:VCARD", L, N, S) = ""
input("BEGIN:VCARD", L, N, S) = ""
input("BEGIN:VCARD", B, L, S) = ""
input("BEGIN:VCARD", B, L, S) = ""
The authors wish to thank the following parties who helped this materialize and for their support of a better world.
This specification was developed by the CalConnect TC-VCARD committee.