IETF Logo Mail Archive

Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

David Benjamin <davidben@chromium.org> Thu, 15 December 2016 13:27 UTC

Return-Path: <davidben@google.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D928A1293DA for <curdle@ietfa.amsl.com>; Thu, 15 Dec 2016 05:27:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.595
X-Spam-Level:
X-Spam-Status: No, score=-5.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-2.896, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OSQp17rdHRSS for <curdle@ietfa.amsl.com>; Thu, 15 Dec 2016 05:26:59 -0800 (PST)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BD6C1295BB for <curdle@ietf.org>; Thu, 15 Dec 2016 05:26:57 -0800 (PST)
Received: by mail-qk0-x22c.google.com with SMTP id n21so55877109qka.3 for <curdle@ietf.org>; Thu, 15 Dec 2016 05:26:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3GAyGZn00vCrLtuk1tOA8XC8VBp/nKWgiqivp8nwySE=; b=jluhLlrId3iaQznBfrLDZl835/TSlhrLq8GDHzmnX4OF9GiJobWWYPTVSWnNY4eero 34MFh8ZmbnIJVDaW9g8MO8QlmSxOSeh4T7wvwV6sueTRQGu8/tvS5GYh2rO089DuRhDr sYounR2VDktzTaRx/TXcgUmDsbcK7AqOErYXw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3GAyGZn00vCrLtuk1tOA8XC8VBp/nKWgiqivp8nwySE=; b=qmFfw2RmUIyPbxqsxnOvpJpef3dtY5NnMI6Y49p90dC44v45TmhreH6D5w0tSstc8b EU64KTP1QdrtS68RnaNRAJnZDfCnHZzUaru5F+D2++oflHqBMbydiSFB/OQ3ZiuYkVLH Y1CVW4eidKgrg/TJOn9QZUeNoSy6WwmcydjwvauaagJofiRA80mIb7dH4DQSlffp+5TP NzcM/Fca38L1qDJpGhm01oOENLbQundYNAEqEbQN+7+jGTLeOJF8EbXXiL+ZG9wuBxLf PNzC0dw6BM2CMx51ueYQouagghCmJJecQU+QHnivIHJVuAWxmGlJQ82WjtQVlYG9vPlM hmqQ==
X-Gm-Message-State: AIkVDXJ3T29W3B+4RTeCXxmJ+I7VZ5Xz4rN27AfUw22DRhWqPF+nIMbYjUF7ygrfeequrxstA8le/CfZFEIdvR8x
X-Received: by 10.55.156.81 with SMTP id f78mr1345350qke.123.1481808416478; Thu, 15 Dec 2016 05:26:56 -0800 (PST)
MIME-Version: 1.0
References: <20161214105434.418FAADD1C@smtp.postman.i2p> <20161214121515.GA10791@LK-Perkele-V2.elisa-laajakaista.fi> <20161214132326.29D3BADD12@smtp.postman.i2p> <20161215043852.11033ADD1E@smtp.postman.i2p>
In-Reply-To: <20161215043852.11033ADD1E@smtp.postman.i2p>
From: David Benjamin <davidben@chromium.org>
Date: Thu, 15 Dec 2016 13:26:44 +0000
Message-ID: <CAF8qwaA_=5=BEXX5SKvaJNp-W1C8FmnwnmJ2V3qi9=s1J+atpw@mail.gmail.com>
To: str4d <str4d@i2pmail.org>, Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: multipart/alternative; boundary="94eb2c075ab44a82d20543b2681d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/8BDOmboWma-I2flio7Dh2dmc35c>
Cc: curdle@ietf.org
Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Dec 2016 13:27:02 -0000

On Thu, Dec 15, 2016 at 1:42 AM str4d <str4d@i2pmail.org> wrote:

> On 12/15/2016 02:23 AM, David Benjamin wrote:
> > On Wed, Dec 14, 2016 at 7:15 AM Ilari Liusvaara <
> ilariliusvaara@welho.com>
> > wrote:
> >
> >> On Wed, Dec 14, 2016 at 10:54:34AM +0000, str4d wrote:
> >>> Hello,
> >>>
> >>> I am currently updating my EdDSA Java library to implement the current
> >>> spec for key encoding [0] (previously I used
> >>> draft-josefsson-pkix-eddsa-04 for public keys, and the equivalent in
> >>> PKCS#8 format for private keys). The example public key given in
> >>> draft-ietf-curdle-pkix-03 [1] passes my tests, however the example
> >>> private key [2] does not.
> >>>
> >>> It appears that the private key material within the example is 34
> bytes,
> >>> but according to Section 3.2 of draft-irtf-cfrg-eddsa-08 [3] (which
> >>> AFAICT the present draft defers to for encoding), the private key is
> the
> >>> b-bit seed k, which is 32 bytes.
> >>>
> >>> Am I missing something? If the example keys in the present draft are
> >>> correct, it would be helpful to add a reference that clarifies their
> >>> exact encoding.
> >>
> >> Apparently the key is wrapped in OCTET STRING twice for some reason,
> >> so the length is actually 32 bytes (the first 2 are second OCTET STRING
> >> header).
> >>
> >
> > Is it too late to change that / was there any particular reason for this?
> > Not that saving or using two bytes really matters, but it seems
> unnecessary
> > when we already have an OCTET-STRING-shaped hole to put our octet string
> in.
> >
>
> Additionally, it is somewhat strange that the same document
> (draft-irtf-cfrg-eddsa-08) would define that the public key requires no
> additional OCTET STRING wrapping, while the private key does. I
> personally don't have a problem implementing it this way if that is what
> the WG decides, but one of the two documents needs to be updated
> regardless of whether or not this is changed (either to change it or to
> clarify the encoding).
>

Even if it stays as-is, I do not think draft-irtf-cfrg-eddsa should be
changed to mention the OCTET STRING wrapping. EdDSA public and private keys
are encoded as specified by draft-irtf-cfrg-eddsa-08. If you just need to
store one of those, you use it. Neither use ASN.1 at that layer since
there's no need. Serialization asks for a byte string, and we already have
a way to return a byte string.

If you need to store them in an SPKI or PKCS#8 blob, you then follow
draft-ietf-curdle-pkix which calls into that serialization and adds a bunch
of ASN.1. The PKCS#8 wrapping, for some reason, prescribes two layers of
OCTET STRING wrapping right now. This, though odd, is still self-consistent.

David

v2.23.0 | Report a Bug | By Email