Network Working Group
Internet-Draft

This document describes the conventions for using the SHA-3 family of hash functions in the Internet X.509 PKI as one-way hash functions and with the ECDSA signature algorithm; the conventions for the associated ECDSA subject public keys are also described.

Digital signatures are used to sign certificates and CRLs (Certificate Revocation Lists). , , , and define the contents of the signatureAlgorithm, signatureValue, signature, and subjectPublicKeyInfo fields within Internet X.509 certificates and CRLs for a number of algorithms. This document does the same for the SHA-3 family of one-way hash functions and their use with the ECDSA and RSA PKCS#1 v1.5 digital signature algorithms. Familiarity with is assumed.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

This section describes cryptographic algorithms which may be used with the Internet X.509 Certificate and CRL profile . It describes one-way hash functions and digital signature algorithms which may be used to sign certificates and CRLs, and identifies OIDs (Object Identifiers) for public keys contained in a certificate.

The SHA-3 family of one-way hash functions is specified in . In the SHA-3 family, four hash functions are defined: SHA3-224, SHA3-256, SHA3-384, and SHA3-512; two extendable-output functions, called SHAKE128 and SHAKE256, are also defined but are not addressed by this document. The respective output lengths, in bits, of the SHA-3 hash functions are 224, 256, 384, and 512 and, as of this document's publication date, correspond to 112, 128, 192, and 256 bits of security .
The OIDs (Object Identifiers) for these four hash functions are as follows:

When using the id-sha3-224, id-sha3-256, id-sha3-384, or id-sha3-512 algorithm identifiers, the parameters field MUST be absent; not NULL but absent.

The ECDSA (Elliptic Curve Digital Signature Algorithm) is defined in . When ECDSA is used in conjunction with one of the SHA-3 one-way hash functions the OID is, respectively:

When these algorithm identifiers appear as the algorithm field in an AlgorithmIdentifier, the encoding MUST omit the parameters field. That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one component: the OBJECT IDENTIFIER id-ecdsa-with-sha3-224, id-ecdsa-with-sha3-256, id-ecdsa-with-sha3-384, or id-ecdsa-with-sha3-512.

The ECParameters in the subjectPublicKeyInfo field of the issuer's certificate SHALL apply to the verification of the signature.

When signing, the ECDSA algorithm generates two values. These values are commonly referred to as r and s. To easily transfer these two values as one signature, they MUST be ASN.1 encoded using the ECDSA-Sig-Value defined in but repeated here for convenience:

The conventions for ECDSA public keys are as specified in .

TBD

IANA is kindly requested to register two OIDs in the SMI Security for PKIX Module Identifier registry for the ASN.1 modules found in Appendix A.1 and A.2.
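The following Python example is added here to illustrate the encoding rules above; it is not part of the draft and not code from any PKIX implementation. It DER-encodes an AlgorithmIdentifier whose parameters field is absent (a SEQUENCE of exactly one OBJECT IDENTIFIER), contrasts it with the explicit-NULL form that the text forbids for these identifiers, encodes an ECDSA (r, s) pair as ECDSA-Sig-Value (SEQUENCE of two INTEGERs), and includes a verifier-side check that rejects an AlgorithmIdentifier carrying anything after the OID. The OID values are taken from the NIST Computer Security Objects Register rather than from the page, which omits them; the helper names are this example's own. Only the standard library is used (hashlib provides SHA-3).

```python
"""DER helpers for SHA-3 / ECDSA-with-SHA-3 AlgorithmIdentifiers and ECDSA-Sig-Value."""
import hashlib

# Assumption: these dotted OIDs come from the NIST CSOR hashAlgs/sigAlgs arcs,
# not from the page text, which lists the identifiers without their values.
ID_SHA3_224 = "2.16.840.1.101.3.4.2.7"
ID_SHA3_256 = "2.16.840.1.101.3.4.2.8"
ID_SHA3_384 = "2.16.840.1.101.3.4.2.9"
ID_SHA3_512 = "2.16.840.1.101.3.4.2.10"
ID_ECDSA_WITH_SHA3_224 = "2.16.840.1.101.3.4.3.9"
ID_ECDSA_WITH_SHA3_256 = "2.16.840.1.101.3.4.3.10"
ID_ECDSA_WITH_SHA3_384 = "2.16.840.1.101.3.4.3.11"
ID_ECDSA_WITH_SHA3_512 = "2.16.840.1.101.3.4.3.12"

SHA3_BY_OID = {
    ID_SHA3_224: hashlib.sha3_224,
    ID_SHA3_256: hashlib.sha3_256,
    ID_SHA3_384: hashlib.sha3_384,
    ID_SHA3_512: hashlib.sha3_512,
}


def der_length(n: int) -> bytes:
    """DER definite length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_integer(value: int) -> bytes:
    """Non-negative INTEGER; a leading 0x00 keeps the high bit from reading as a sign."""
    if value < 0:
        raise ValueError("ECDSA r and s are non-negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(0x02, body)


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    content = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        content.extend(reversed(chunk))
    return der_tlv(0x06, bytes(content))


def der_sequence(*elements: bytes) -> bytes:
    return der_tlv(0x30, b"".join(elements))


def algorithm_identifier(oid: str) -> bytes:
    """AlgorithmIdentifier with parameters ABSENT: a SEQUENCE of one component."""
    return der_sequence(der_oid(oid))


def algorithm_identifier_with_null(oid: str) -> bytes:
    """The form the text forbids for SHA-3 identifiers: parameters present as NULL."""
    return der_sequence(der_oid(oid), b"\x05\x00")


def ecdsa_sig_value(r: int, s: int) -> bytes:
    """ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }"""
    return der_sequence(der_integer(r), der_integer(s))


def der_read_tlv(buf: bytes, offset: int = 0):
    """Read one single-byte-tag TLV; returns (tag, content, offset past it)."""
    tag = buf[offset]
    first = buf[offset + 1]
    offset += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[offset:offset + nbytes], "big")
        offset += nbytes
    return tag, buf[offset:offset + length], offset + length


def parameters_absent(alg_id: bytes) -> bool:
    """Verifier check: the SEQUENCE holds exactly one OID and nothing after it."""
    tag, content, end = der_read_tlv(alg_id)
    if tag != 0x30 or end != len(alg_id):
        return False
    inner_tag, _, next_off = der_read_tlv(content)
    return inner_tag == 0x06 and next_off == len(content)


def sha3_digest(hash_oid: str, data: bytes) -> bytes:
    """Digest `data` with the SHA-3 function named by its hash OID."""
    return SHA3_BY_OID[hash_oid](data).digest()


if __name__ == "__main__":
    print(algorithm_identifier(ID_SHA3_256).hex())
    print(parameters_absent(algorithm_identifier_with_null(ID_ECDSA_WITH_SHA3_256)))
    print(ecdsa_sig_value(1, 0x80).hex())
```

The two-component form from `algorithm_identifier_with_null` decodes without error in most ASN.1 libraries, which is exactly why a verifier that wants to enforce the "absent, not NULL" rule needs a check like `parameters_absent` rather than relying on the parser alone.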