```
SPHINCS-Plus-Module-2022
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
id-smime(16) id-mod(0) id-mod-sphincs-plus-2022(TBD1) }
DEFINITIONS IMPLICIT TAGS ::= BEGIN
EXPORTS ALL;
IMPORTS
PUBLIC-KEY, SIGNATURE-ALGORITHM, SMIME-CAPS
FROM AlgorithmInformation-2009 -- RFC 5911
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58) } ;
--
-- Object Identifiers
Housley, et al. Expires 25 May 2023 [Page 9]
Internet-Draft SPHINCS+ Signature Algorithm in CMS November 2022
--
id-alg-sphincs-plus-128 OBJECT IDENTIFIER ::= { TBD }
id-alg-sphincs-plus-192 OBJECT IDENTIFIER ::= { TBD }
id-alg-sphincs-plus-256 OBJECT IDENTIFIER ::= { TBD }
--
-- Signature Algorithm, Public Key, and Private Key
--
sa-sphincs-plus-128 SIGNATURE-ALGORITHM ::= {
IDENTIFIER id-alg-sphincs-plus-128
PARAMS ARE absent
PUBLIC-KEYS { pk-sphincs-plus-128 }
SMIME-CAPS { IDENTIFIED BY id-alg-sphincs-plus-128 } }
sa-sphincs-plus-192 SIGNATURE-ALGORITHM ::= {
IDENTIFIER id-alg-sphincs-plus-192
PARAMS ARE absent
PUBLIC-KEYS { pk-sphincs-plus-192 }
SMIME-CAPS { IDENTIFIED BY id-alg-sphincs-plus-192 } }
sa-sphincs-plus-256 SIGNATURE-ALGORITHM ::= {
IDENTIFIER id-alg-sphincs-plus-256
PARAMS ARE absent
PUBLIC-KEYS { pk-sphincs-plus-256 }
SMIME-CAPS { IDENTIFIED BY id-alg-sphincs-plus-256 } }
pk-sphincs-plus-128 PUBLIC-KEY ::= {
IDENTIFIER id-alg-sphincs-plus-128
KEY SPHINCS-Plus-PublicKey
PARAMS ARE absent
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
PRIVATE-KEY SPHINCS-Plus-PrivateKey }
pk-sphincs-plus-192 PUBLIC-KEY ::= {
IDENTIFIER id-alg-sphincs-plus-192
KEY SPHINCS-Plus-PublicKey
PARAMS ARE absent
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
PRIVATE-KEY SPHINCS-Plus-PrivateKey }
pk-sphincs-plus-256 PUBLIC-KEY ::= {
IDENTIFIER id-alg-sphincs-plus-256
Housley, et al. Expires 25 May 2023 [Page 10]
Internet-Draft SPHINCS+ Signature Algorithm in CMS November 2022
KEY SPHINCS-Plus-PublicKey
PARAMS ARE absent
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
PRIVATE-KEY SPHINCS-Plus-PrivateKey }
SPHINCS-Plus-PublicKey ::= OCTET STRING
SPHINCS-Plus-PrivateKey ::= OCTET STRING
--
-- Expand the signature algorithm set used by CMS [RFC5911]
--
SignatureAlgorithmSet SIGNATURE-ALGORITHM ::=
{ sa-sphincs-plus-128 |
sa-sphincs-plus-192 |
sa-sphincs-plus-256,
... }
--
-- Expand the S/MIME capabilities set used by CMS [RFC5911]
--
SMimeCaps SMIME-CAPS ::=
{ sa-sphincs-plus-128.&smimeCaps |
sa-sphincs-plus-192.&smimeCaps |
sa-sphincs-plus-256.&smimeCaps,
... }
END
``````
Authors' Addresses
Russ Housley
Vigil Security, LLC
Email: housley@vigilsec.com
Scott Fluhrer
Cisco Systems
Email: sfluhrer@cisco.com
Panos Kampanakis
Amazon Web Services
Housley, et al. Expires 25 May 2023 [Page 11]
Internet-Draft SPHINCS+ Signature Algorithm in CMS November 2022
Email: kpanos@amazon.com
Bas Westerbaan
Cloudflare
Email: bas@westerbaan.name
Housley, et al. Expires 25 May 2023 [Page 12]
```