IETF Logo Mail Archive

Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

David Benjamin <davidben@chromium.org> Tue, 17 January 2017 21:07 UTC

Return-Path: <davidben@google.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E78FE1294A1 for <curdle@ietfa.amsl.com>; Tue, 17 Jan 2017 13:07:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.898
X-Spam-Level:
X-Spam-Status: No, score=-5.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ScQALIvt8X-s for <curdle@ietfa.amsl.com>; Tue, 17 Jan 2017 13:06:58 -0800 (PST)
Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BB1E1294D3 for <curdle@ietf.org>; Tue, 17 Jan 2017 13:06:58 -0800 (PST)
Received: by mail-qt0-x22f.google.com with SMTP id v23so179955305qtb.0 for <curdle@ietf.org>; Tue, 17 Jan 2017 13:06:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9tK9BN7mi6mOuUc5Ax/lqzS/1kzeG4NFwC3ecu9+A+Q=; b=PJFeTiDq5qF2M9tfQV36ufwsbB9fVG9RlKsUO0D7t3w/+oxRTBKzD1KvlBWH83sAfy mUWFdfT31hD27ljVxWq7QhG111wOWHmPdi0nu+9iKC+iGh5zXxPTL+xDOGFc1r5guBp8 c/nhaPZHJJcHtCXmJb/0qIUgTnImlBUtCyqeE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9tK9BN7mi6mOuUc5Ax/lqzS/1kzeG4NFwC3ecu9+A+Q=; b=geaJw4cCD9byew4/+A47g7+zila0pxzAC9KiIyyok/O1hxwvWLUzr162LoXueB45if 52YV3U07bNUF8CzjMRrobGwLlcqcTlw/jafCLBicv0EaWc8WJPpe6Dmv9xtkruJHSFaZ gWn4mj1nxccwYNUMR3rm8ywMBKqxV1AthOMqCfoGFVteyh+zItzw+uZIzk4tdOMRVUa7 6dGz8i1rOsegDbtFaWxER2TNmRBxAJKrHsN0O5D7odu9f3S07eM3/r7KzFXDsvWtGiKZ IMtqjxRi8AkNMGXFkJANi+1CJ610Rz4c2uA9R1F5WE2EfdsHtMab39cw2Sqo3fde8341 psPg==
X-Gm-Message-State: AIkVDXJQjmPOt2aYEMZSsukQboFWJSL57UysB0zC0rZk6iAZ1Wj5J3MMR3Wivj9umZxQutKSB0ntawiVHibEHA2H
X-Received: by 10.200.49.41 with SMTP id g38mr35367246qtb.175.1484687216909; Tue, 17 Jan 2017 13:06:56 -0800 (PST)
MIME-Version: 1.0
References: <20161214105434.418FAADD1C@smtp.postman.i2p> <20161214121515.GA10791@LK-Perkele-V2.elisa-laajakaista.fi> <CAF8qwaCWAx8Vp67VZz4G5DQpTGf5DX-sMN+1i40acgCYT8_NVA@mail.gmail.com> <002501d25760$a75c0bb0$f6142310$@augustcellars.com> <CAF8qwaDzC8C0czSPrCdTgKH-3_YqW8KeVQ291p+SNcOo-NyGxg@mail.gmail.com> <CAF8qwaASPih==KC9NKSy6KtEeySjEf4ByM1JkzCuu2bF8EP1xQ@mail.gmail.com> <035701d25a3f$a46ca9f0$ed45fdd0$@augustcellars.com> <CADZyTk=PFHDU5R+AR6G7C9=Shd6hW8KQkAX7TqcM9YSRuYaEmw@mail.gmail.com>
In-Reply-To: <CADZyTk=PFHDU5R+AR6G7C9=Shd6hW8KQkAX7TqcM9YSRuYaEmw@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Tue, 17 Jan 2017 21:06:46 +0000
Message-ID: <CAF8qwaAeSpu5bvcB=sXXjao3h45Eym1km8VJyy_xAXqJoGg-wQ@mail.gmail.com>
To: Daniel Migault <daniel.migault@ericsson.com>, Jim Schaad <ietf@augustcellars.com>
Content-Type: multipart/alternative; boundary="001a113a2bec2b1db9054650ae6f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/JInid1n9nN0lnIwI8t5QQcgI6W8>
Cc: curdle <curdle@ietf.org>
Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2017 21:07:02 -0000

Jim's proposed text seems reasonable to me. CurvePrivateKey is a much
better name than PrivateKeyWrapper! Maybe "and wrapped by the OCTET STRING"
=> "which is then wrapped by the OCTET STRING", but this is all nitpicks
and I'm happy with whatever.

On Tue, Jan 17, 2017 at 3:33 PM Daniel Migault <daniel.migault@ericsson.com>
wrote:

> Hi,
>
> Please indicate if the text added by Jim clarifies the previous confusion,
> and if we can close the thread.
>
>
> My understanding of the text is:
>
> """the private key is wrapped in an CurvePrivateKey object """
> CurvePrivateKey = OCTET STRING ( private key)
> """and wrapped by the OCTET STRING of the 'privateKey' field."""
> privateKey = OCTET STRING (OCTET STRING (private key))
>
> Am I correct ?
>
> Yours,
> Daniel
>
>
> On Mon, Dec 19, 2016 at 4:34 PM, Jim Schaad <ietf@augustcellars.com>
> wrote:
>
> In my local version, I have done the following:
>
>
>
> 1.       Changed EdPrivateKey to CurvePrivateKey.  I hope that this will
> not cause any confusion with the ECPrivateKey type defined in RFC5915.
>
> 2.      I have changed the last sentence in the paragraph mentioned below
> to
>         Thus when encoding a OneAsymmetricKey object, the private key is
> wrapped in an CurvePrivateKey object and wrapped by the OCTET STRING of the
> 'privateKey' field.
>
> 3.      I have also expanded the appendix with the private key example to
> have 1) the current PEM format, 2) an ASN.1 dump and 3) the value of the
> private key.
>
>
>
> I debated using the OKP (Octet Key Pair) which was used in JOSE and COSE
> but decided not to.
>
>
>
> Jim
>
>
>
>
>
> *From:* David Benjamin [mailto:davidben@chromium.org]
> *Sent:* Thursday, December 15, 2016 11:18 PM
> *To:* Jim Schaad <ietf@augustcellars.com>
>
> *Cc:* curdle@ietf.org
> *Subject:* Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
>
>
>
> So we don't end up with two variants of this floating around (this thread
> gives one data point of the current text being misinterpreted), What do you
> think about these editorial changes?
>
>
>
> 1. In the paragraph beginning "For the keys defined in this document
> [...]", add a sentence like "Note the opaque byte sequence is wrapped in
> OCTET STRINGs twice in total."
>
>
>
> 2. EdPrivateKey sounds like this only applies to Ed* rather than both Ed*
> and X*. It should probably be renamed. But the best name I can come up with
> right now is PrivateKeyWrapper, which is terrible. Another option is to
> avoid defining a type and just say:
>
>
>
>    For the keys defined in this document, the private key is always an
>
>    opaque byte sequence.  This is encoded in a OneAsymmetricKey
>
>    object by wrapping the sequence in an ASN.1 OCTET STRING
>
>    and placing its DER encoding in the 'privateKey' field. Note that
>
>    'privateKey' is itself an OCTET STRING, so the original byte
>
>    sequence is wrapped in OCTET STRINGs twice in total.
>
>
>
> David
>
>
>
> On Fri, Dec 16, 2016 at 1:56 AM David Benjamin <davidben@chromium.org>
> wrote:
>
> Ah, yes, I see OpenSSL has already shipped code which serializes X25519 in
> this way, as early as OpenSSL 1.1.0 in September. That's unfortunate. It
> would have been preferable to avoid this confusing double wrapper, but so
> it goes I guess.
>
>
>
> David
>
>
>
> On Fri, Dec 16, 2016 at 12:53 AM Jim Schaad <ietf@augustcellars.com>
> wrote:
>
> I believe that the OpenSSL people would be sad if we changed this at this
> time.  I did some interop testing with their developers before the last
> version was released and the OCTET STRING wrapper on the private key is
> what we were doing at the time.
>
> Jim
>
> From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of David Benjamin
> Sent: Wednesday, December 14, 2016 5:23 AM
> To: Ilari Liusvaara <ilariliusvaara@welho.com>; str4d <str4d@i2pmail.org>
> Cc: curdle@ietf.org
> Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
>
> On Wed, Dec 14, 2016 at 7:15 AM Ilari Liusvaara <mailto:
> ilariliusvaara@welho.com> wrote:
> On Wed, Dec 14, 2016 at 10:54:34AM +0000, str4d wrote:
> > Hello,
> >
> > I am currently updating my EdDSA Java library to implement the current
> > spec for key encoding [0] (previously I used
> > draft-josefsson-pkix-eddsa-04 for public keys, and the equivalent in
> > PKCS#8 format for private keys). The example public key given in
> > draft-ietf-curdle-pkix-03 [1] passes my tests, however the example
> > private key [2] does not.
> >
> > It appears that the private key material within the example is 34 bytes,
> > but according to Section 3.2 of draft-irtf-cfrg-eddsa-08 [3] (which
> > AFAICT the present draft defers to for encoding), the private key is the
> > b-bit seed k, which is 32 bytes.
> >
> > Am I missing something? If the example keys in the present draft are
> > correct, it would be helpful to add a reference that clarifies their
> > exact encoding.
>
> Apparently the key is wrapped in OCTET STRING twice for some reason,
> so the length is actually 32 bytes (the first 2 are second OCTET STRING
> header).
>
> Is it too late to change that / was there any particular reason for this?
> Not that saving or using two bytes really matters, but it seems unnecessary
> when we already have an OCTET-STRING-shaped hole to put our octet string in.
>
>
>
> David
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
>
>
>

v2.23.0 | Report a Bug | By Email