[Curdle] [Errata Rejected] RFC8410 (5709)
RFC Errata System <rfc-editor@rfc-editor.org> Mon, 06 May 2019 21:46 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F1771201ED; Mon, 6 May 2019 14:46:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q5apNf3moQpM; Mon, 6 May 2019 14:46:27 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40989120021; Mon, 6 May 2019 14:46:27 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 28212B80A62; Mon, 6 May 2019 14:46:25 -0700 (PDT)
To: lijun.liao@gmail.com, simon@josefsson.org, ietf@augustcellars.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: kaduk@mit.edu, iesg@ietf.org, curdle@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20190506214625.28212B80A62@rfc-editor.org>
Date: Mon, 06 May 2019 14:46:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/9JdeDTN1mt0r9_-tnQ-yZRnjXI4>
Subject: [Curdle] [Errata Rejected] RFC8410 (5709)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 May 2019 21:46:31 -0000
The following errata report has been rejected for RFC8410, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5709 -------------------------------------- Status: Rejected Type: Editorial Reported by: Lijun Liao <lijun.liao@gmail.com> Date Reported: 2019-04-29 Rejected by: Benjamin Kaduk (IESG) Section: 10.2 Original Text ------------- - Corrected Text -------------- - Notes ----- The example certificate is a self-signed certificate containing X25519 public key. Unlike standard EC public key, the public key for key exchange is NOT the same as the one for digital signature in curve25519. That means, for the same private key, the public keys for X25519 and for Ed25519 are different. As a result, the public key in the self-signed certificate can NOT be used to verify the signature. In this context, please replace the example certificate by one containing the Ed25519 public key. --VERIFIER NOTES-- X25519 keys are only capable of key agreement, not signing, so by necessity a self-issued X25519 certificate cannot be self-signed. This document specifies, among other things, how to encode X25519 public keys into X.509 certificates, and so the example is accordingly a self-issued but not self-signed certificate. The issuing certificate has the same subject name but a different key (and key type). -------------------------------------- RFC8410 (draft-ietf-curdle-pkix-10) -------------------------------------- Title : Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure Publication Date : August 2018 Author(s) : S. Josefsson, J. Schaad Category : PROPOSED STANDARD Source : CURves, Deprecating and a Little more Encryption Area : Security Stream : IETF Verifying Party : IESG
- [Curdle] [Errata Rejected] RFC8410 (5709) RFC Errata System