Question 20. Is RSA an Official Standard Today?

RSA is part of many official standards worldwide. The ISO (International Standards Organization) 9796 standard lists RSA as a compatible cryptographic algorithm, as does the ITU-T X.509 security standard (see Question 165). RSA is part of the Society for Worldwide Interbank Financial Telecommunications (SWIFT) standard, the French financial industry's ETEBAC 5 standard, and the ANSI X9.31 draft standard for the U.S. banking industry (see Question 160). The Australian key management standard, AS2805.6.5.3, also specifies RSA.

RSA is found in Internet standards and proposed protocols including PEM (Privacy Enhanced Mail), S/MIME, PEM-MIME, S-HTTP and SSL (see Question 130 through Question 134) as well as the PKCS standard (see Question 166) for the software industry. The OSI Implementors' Workshop (OIW) has issued implementors' agreements referring to PKCS and PEM, each of which includes RSA.

A number of other standards are currently being developed and will be announced over the next couple of years; many are expected to include RSA as either an endorsed or a recommended system for privacy and/or authentication. A comprehensive survey of cryptography standards can be found in publications by Kaliski [Kal93b] and Ford [For94] .