Re: [Curdle] Review of draft-ietf-curdle-pkix-04
David Benjamin <davidben@chromium.org> Wed, 29 March 2017 17:33 UTC
Return-Path: <davidben@google.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6B77127843 for <curdle@ietfa.amsl.com>; Wed, 29 Mar 2017 10:33:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tLA_PmAlsV6j for <curdle@ietfa.amsl.com>; Wed, 29 Mar 2017 10:33:46 -0700 (PDT)
Received: from mail-pf0-x236.google.com (mail-pf0-x236.google.com [IPv6:2607:f8b0:400e:c00::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDE6E1272E1 for <curdle@ietf.org>; Wed, 29 Mar 2017 10:33:45 -0700 (PDT)
Received: by mail-pf0-x236.google.com with SMTP id i5so10753833pfc.2 for <curdle@ietf.org>; Wed, 29 Mar 2017 10:33:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=D9AgzHu6/HPEuVG6MpQpLtsUkFhmFgTuqdyw8SWtP7s=; b=gfOtSChDa8MkXJ9WpUmQbUVeKOhuXGMds1B5I7E0uZH08LLAf8y9FfE3jDacjkiEhy DXuZxmDk66+9XY669fv9Zp2ld0t2g/KYZlJ9EIAIz41E12MOwSCflVVZqlrnYJm4QUkk p2i1wQomW77Xm5hcCudSaEoKYa7ik+XMuzGgQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=D9AgzHu6/HPEuVG6MpQpLtsUkFhmFgTuqdyw8SWtP7s=; b=VKLNAcVlAzA30hQAII060r7DyIrRklToNzdqbuM8tKbMdgW7MMQ0EmTkw1QQFqcKWo /DFJ52DYps68OUZbXY+Cbkh8e8GuSM0akAkZA5KTTRBVGmUhxVSd9uh8C2qdwHHhvQku KgHEgxjpt8VBUkejwImHKwVONFe8rsqA1J041yh3MEYnMR+OaldSuJcVKC3qI8niRmw2 EflsQ8fFqtgVW/2w86x4nEIeaaE88BZsrgGorGmAYsZnohq41tlkFUcEk01SW9FuZRLN r9l18U8DVOE+GVv/Lr6BNAlxSqKV2nZHBoOsApYidQg8xAd5yVSuEGfGbhuiRLfMI6Ih 9RrA==
X-Gm-Message-State: AFeK/H0MKwKVeD5HfPs1hhnUAEb4W3GpPF+mbd0088E7spbLw7fiWPY0pAJ5dqlO+In+27bV4IMf0q/+V8+4wFqn
X-Received: by 10.98.11.70 with SMTP id t67mr1681870pfi.259.1490808825177; Wed, 29 Mar 2017 10:33:45 -0700 (PDT)
MIME-Version: 1.0
References: <CAF8qwaCqv7gv2DD9mxTQqZ_y8aDD=5KMuz4J2kj-Z5Zp0UPJKw@mail.gmail.com>
In-Reply-To: <CAF8qwaCqv7gv2DD9mxTQqZ_y8aDD=5KMuz4J2kj-Z5Zp0UPJKw@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 29 Mar 2017 17:33:34 +0000
Message-ID: <CAF8qwaBPvJcNtZ2sAasySPhZr5j0oghjmYFCo+O4fCb=tWqbvA@mail.gmail.com>
To: curdle <curdle@ietf.org>
Content-Type: multipart/alternative; boundary="001a1145b8107440e9054be1fa7c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/N3DU7DddyrJ-TY6_hJkotSKiUo8>
Subject: Re: [Curdle] Review of draft-ietf-curdle-pkix-04
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 17:33:48 -0000
On Wed, Mar 29, 2017 at 12:31 PM David Benjamin <davidben@chromium.org> wrote: > Overall, the document looks good to me. I've actually just implemented it > along with the TLS bits in BoringSSL and our Go testing implementation. > Seems to work. (Though I haven't done anything with the signature yet, just > parsing out keys. Our X.509 story is a little funny since Chrome currently > uses OS verifiers.) > > I have a handful of comments. They are all entirely editorial and mostly > nitpicks. > > In section 3, > > The same algorithm identifiers are used for identifying a public key, > identifying a private key and identifying a signature (for the four > EdDSA related OIDs). Additional encoding information is provided > below for each of these locations. > > "four EdDSA related OIDs" should now be "two EdDSA related OIDs" > > In section 4, > > o subjectPublicKey contains the byte stream of the public key. > While the encoded public keys for the current algorithms are all > an even number of octets, future curves could change that. > > I would suggest replacing the last sentence with "For the algorithms > defined in this document, the encoded public keys are an even number of > octets." If future curves do something funny, they'll be defined with > independent OIDs and won't be bound by any explanatory notes in this > document. > > In section 5, > > If the keyUsage extension is present in a certificate that indicates > id-X25119 or id-X448 in SubjectPublicKeyInfo, then the following MUST > be present: > > "id-X25119" should be "id-X25519". > > Also, a exceedingly nitpicky nitpick: the various lists of keyUsage values > are all indented differently. I'm not sure if this is an artifact of some > centering thing or a formatting error. > > In section 7, > > For the keys defined in this document, the private key is always an > opaque byte sequence. The ASN.1 type CurvePrivateKey is defined in > this document to hold the byte sequence. Thus when encoding a > OneAsymmetricKey object, the private key is wrapped in an > CurvePrivateKey object and wrapped by the OCTET STRING of the > 'privateKey' field. > > The 'privateKey' field is described with single quotes, but in the > following paragraph, the "privateKey", "privateKeyAlgorithm", and > "publicKey" fields are described with double quotes. > > In section 8, > > When the curve is known, use a more specific string. For the id- > EdDSA25519 value use the string "Ed25519". For id-EdDSA448 use > "Ed448". > > In keeping with its own advice and to match the names in section 3, > "id-EdDSA25519" should be "id-Ed25519" and "id-EdDSA448" should be > "id-Ed448". The names also show up elsewhere in the document and should > match. > Er, by "the names", I meant "id-EdDSA25519". That is, there are other instances which should be switched too. (Actually "id-Ed25519" only shows up once, but I think that is a better name.) > In section 10.2, > > The OIDs in the sample certificate are referred to as "EdDSA 25519 > signature algorithm" and "ECDH 25519 key agreement", contradicting the > document's own advice on human-readable names. > > David >
- [Curdle] Review of draft-ietf-curdle-pkix-04 David Benjamin
- Re: [Curdle] Review of draft-ietf-curdle-pkix-04 David Benjamin
- Re: [Curdle] Review of draft-ietf-curdle-pkix-04 Jim Schaad
- Re: [Curdle] Review of draft-ietf-curdle-pkix-04 Russ Housley