Re: [Curdle] Confirming a change to draft-ietf-curdle-rsa-sha2-12

Ron Frederick <ronf@timeheart.net> Tue, 13 March 2018 01:01 UTC

Return-Path: <ronf@timeheart.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62E191242F7 for <curdle@ietfa.amsl.com>; Mon, 12 Mar 2018 18:01:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.334
X-Spam-Level:
X-Spam-Status: No, score=-1.334 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=timeheart.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y8XQdEEM1rol for <curdle@ietfa.amsl.com>; Mon, 12 Mar 2018 18:01:15 -0700 (PDT)
Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50CC212420B for <curdle@ietf.org>; Mon, 12 Mar 2018 18:01:15 -0700 (PDT)
Received: by mail-pf0-x22d.google.com with SMTP id d26so5149108pfn.5 for <curdle@ietf.org>; Mon, 12 Mar 2018 18:01:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=timeheart.net; s=mail; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1kl2FOh8eSA7zmAVqwWbd8YoiDrreBRKFOjGVrNSefc=; b=MWjlOpHN3HYfz1xeGOSCOsvy9FbM8pcI+oYg4zCzlvRcJXjSablkGLTuksTTcifOo+ VloXekN1WFUOqQun7nnu7yF9OQUhcmmp7m0k5xFxmoyaycAKF3KBDJjsusHLqmgwE1LK pRVB3j3iiSwPt6IAfX3bmh4GeXR6l+hRj/4YY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=1kl2FOh8eSA7zmAVqwWbd8YoiDrreBRKFOjGVrNSefc=; b=ePwoTPZM4KRCxlrMoAHNT7Bsd43wxUPfc5IGlpermEhW94nO+1r3ee58I5bQRSPeR2 /zeDdSgCP/J/fRjhBvAp0tTS5N6OQjuuKK/PJgxuVL0ykVCpMinxWkqntd6PIs8mFOR2 z1lTOn0Tp0qJGtq7mvv9clYF/cUOqBl44BVLlYnOF6MqnqI8GzTSdI7lfTk4msWQ4SnD R/dE/PiiLA1eQjYhW5N2VSq9/DG9N+ylGoFfrz3m5LnBH++UffDPinBZfIJ/NErC+JtP 3xlccz9SEHpxEQZVm1cTtv7ME8bBu/p5TXD0Xxrb8iNYsAukaSjA+lMErMoPxoYZiGpK Y25w==
X-Gm-Message-State: AElRT7FXJ4pBvaIxeIVxrmyko4ZJSDjOL0NROZzLpk3wl+y7CboDewK6 tkx447c6734tpGhSBsg2IHvcKA==
X-Google-Smtp-Source: AG47ELt1VWXmsIqTTWaJ8slC1k3iZ1slynYgVwkIiOTMJTBwrCedKaJXyDRmJp10yo1g+wEu4LSTqw==
X-Received: by 10.99.132.72 with SMTP id k69mr8155423pgd.367.1520902874476; Mon, 12 Mar 2018 18:01:14 -0700 (PDT)
Received: from ?IPv6:2603:3024:18fa:4000::2? ([2603:3024:18fa:4000::2]) by smtp.gmail.com with ESMTPSA id m4sm14622862pgv.39.2018.03.12.18.01.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Mar 2018 18:01:12 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Ron Frederick <ronf@timeheart.net>
In-Reply-To: <28093.1520848786@eng-mail01.juniper.net>
Date: Mon, 12 Mar 2018 18:01:10 -0700
Cc: "curdle@ietf.org" <curdle@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <40465B0B-FED4-4C16-A5C3-7E2C04E1B666@timeheart.net>
References: <4C40F019-21FB-46AC-95D3-CC94BB976AAB@akamai.com> <12087.1520816187@eng-mail01.juniper.net> <CADPMZDCwRN-GHXhAe=-xPFHMnUBN39UWmENGNUeLbFkneEAgcA@mail.gmail.com> <17856.1520829824@eng-mail01.juniper.net> <CADPMZDBnG1hv5D74vLv2bXqxZjceJgHQ9oYrufKHskLdV7nRSQ@mail.gmail.com> <28093.1520848786@eng-mail01.juniper.net>
To: "Mark D. Baushke" <mdb@juniper.net>, denis bider <denisbider.ietf@gmail.com>, "Salz, Rich" <rsalz@akamai.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/47NGPQSAPQX30J89Exc85tNvAZ0>
Subject: Re: [Curdle] Confirming a change to draft-ietf-curdle-rsa-sha2-12
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2018 01:01:17 -0000

Agreed on MAY here instead of SHOULD.

One of the original e-mails on this thread also mentioned prepending a leading 0x00 byte in cases where the high-bit of the first octet is set. I’m not sure we want to ever allow that. is anyone aware of any existing implementations that do that today, incorrectly thinking this value was supposed to follow the rules for encoding an “mpint” instead of a fixed-length octet string?

On Mar 12, 2018, at 2:59 AM, Mark D. Baushke <mdb@juniper.net> wrote:
> Hi denis,
> 
> Argument #3 works for me.
> 
> MAY is best. SHOULD lets broken implementations continue to be broken.
> 
> Thank you for your responses.
> 
> 	Enjoy!
> 	-- Mark
> 
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle

-- 
Ron Frederick
ronf@timeheart.net