Re: [Curdle] [Errata Held for Document Update] RFC8410 (5696)

Sean Turner <sean@sn3rd.com> Wed, 04 May 2022 14:10 UTC

From: Sean Turner <sean@sn3rd.com>
Mime-Version: 1.0 (1.0)
Date: Wed, 04 May 2022 10:10:04 -0400
Message-Id: <E4952000-A2FB-4F4F-A3A7-9B79A9311069@sn3rd.com>
References: <20220425202243.DD9A41210B8@rfcpa.amsl.com>
Cc: LIJUN.LIAO@huawei.com, simon@josefsson.org, ietf@augustcellars.com, iesg@ietf.org, curdle@ietf.org
In-Reply-To: <20220425202243.DD9A41210B8@rfcpa.amsl.com>
To: rdd@cert.org
X-Mailer: iPhone Mail (19E258)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/2n8Qzcbm-kbAcZ2y9GATzy-VJLs>

Can probably mark this one as HFDU as we are fixing this in:

https://datatracker.ietf.org/doc/draft-ietf-lamps-8410-ku-clarifications/

spt

Sent from my iPhone

> On Apr 25, 2022, at 16:22, RFC Errata System <rfc-editor@rfc-editor.org> wrote:
> 
> The following errata report has been held for document update 
> for RFC8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure". 
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid5696
> 
> --------------------------------------
> Status: Held for Document Update
> Type: Technical
> 
> Reported by: Lijun Liao <LIJUN.LIAO@HUAWEI.COM>
> Date Reported: 2019-04-17
> Held by: Roman Danyliw (IESG)
> 
> Section: 5
> 
> Original Text
> -------------
>   If the keyUsage extension is present in a certification authority
>   certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage
>   extension MUST contain one or more of the following values:
> 
>          nonRepudiation;
>          digitalSignature;
>          keyCertSign; and
>          cRLSign.
> 
> Corrected Text
> --------------
>   If the keyUsage extension is present in a certification authority
>   certificate that indicates id-Ed25519 or id-Ed448, then the keyUsage
>   extension MUST contain keyCertSign, and zero, one or more of the
>   following values:
> 
>          nonRepudiation;
>          digitalSignature; and
>          cRLSign.
> 
> Notes
> -----
> The usage keyCertSign must be set in a CA certificate.
> 
> --------------------------------------
> RFC8410 (draft-ietf-curdle-pkix-10)
> --------------------------------------
> Title               : Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure
> Publication Date    : August 2018
> Author(s)           : S. Josefsson, J. Schaad
> Category            : PROPOSED STANDARD
> Source              : CURves, Deprecating and a Little more Encryption
> Area                : Security
> Stream              : IETF
> Verifying Party     : IESG
> 
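
The difference between the original and corrected Section 5 wording quoted above, as an added example that is not part of this thread or of RFC 8410. It assumes the caller has already extracted the certificate's public key algorithm OID and the DER BIT STRING inside the keyUsage extension; the function names and the sample encodings are constructed for illustration.

```python
# Added example: compare the two wordings of the CA keyUsage rule.
ED_OIDS = {"1.3.101.112": "id-Ed25519", "1.3.101.113": "id-Ed448"}
# Bit positions of the KeyUsage BIT STRING as defined in RFC 5280.
KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
           "encipherOnly", "decipherOnly"]
LISTED = {"nonRepudiation", "digitalSignature", "keyCertSign", "cRLSign"}


def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (short-form length) into KeyUsage names."""
    if len(der) < 3 or der[0] != 0x03 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("bad unused-bits count")
    names = set()
    for i in range(len(body) * 8 - unused):
        if body[i // 8] & (0x80 >> (i % 8)):   # bit 0 is the MSB of byte 0
            if i >= len(KU_BITS):
                raise ValueError("bit beyond decipherOnly")
            names.add(KU_BITS[i])
    return names


def check_ca_key_usage(alg_oid: str, ku_der):
    """Return (ok_original, ok_corrected) for a CA certificate.

    ku_der is None when the keyUsage extension is absent; the rule only
    applies when it is present and the key is id-Ed25519 or id-Ed448.
    """
    if alg_oid not in ED_OIDS or ku_der is None:
        return (True, True)
    usages = decode_key_usage(ku_der)
    ok_original = bool(usages & LISTED)        # "one or more of" the four
    ok_corrected = "keyCertSign" in usages     # keyCertSign is mandatory
    return (ok_original, ok_corrected)


# Constructed sample encodings of the keyUsage BIT STRING.
SAMPLES = {
    "keyCertSign+cRLSign": bytes.fromhex("03020106"),
    "cRLSign only": bytes.fromhex("03020102"),
    "digitalSignature only": bytes.fromhex("03020780"),
}

if __name__ == "__main__":
    for label, der in SAMPLES.items():
        print(label, check_ca_key_usage("1.3.101.112", der))
```

A CA certificate asserting only cRLSign or only digitalSignature satisfies the original text but not the corrected text, which is the gap the erratum reports.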