RSA Laboratories

3.1.10 Is the RSA system an official standard today?

The RSA cryptosystem is part of many official standards worldwide. The ISO (International Standards Organization) 9796 standard lists RSA as a compatible cryptographic algorithm, as does the ITU-T X.509 security standard (see Question 5.3.2). The RSA systemm is part of the Society for Worldwide Interbank Financial Telecommunications (SWIFT) standard, the French financial industry's ETEBAC 5 standard, the ANSI X9.31 rDSA standard and the X9.44 draft standard for the U.S. banking industry (see Question 5.3.1). The Australian key management standard, AS2805.6.5.3, also specifies the RSA system.

The RSA algorithm is found in Internet standards and proposed protocols including S/MIME (see Question 5.1.1), IPSec (see Question 5.1.4), and TLS (the Internet standards-track successor to SSL; see Question 5.1.2), as well as in the PKCS standard (see Question 5.3.3) for the software industry. The OSI Implementers' Workshop (OIW) has issued implementers' agreements referring to PKCS, which includes RSA.

A number of other standards are currently being developed and will be announced over the next few years; many are expected to include the RSA algorithm as either an endorsed or a recommended system for privacy and/or authentication. For example, IEEE P1363 (see Question 5.3.5) and WAP WTLS (see Question 5.1.2) includes the RSA system.

A comprehensive survey of cryptography standards can be found in publications by Kaliski [Kal93b] and Ford [For94].