Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt
Brian Smith <brian@briansmith.org> Sun, 30 April 2017 01:33 UTC
From: Brian Smith <brian@briansmith.org>
Date: Sat, 29 Apr 2017 15:31:18 -1000
Message-ID: <CAFewVt6-0WSqmwD7xVvKWDg3P9vNpFZDqB-n61hiU9qQp1c2cw@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: curdle <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/OmC3zbXSriZDbsOXOUB_eMSShVc>

Jim Schaad <ietf@augustcellars.com> wrote:
> Here is the promised updated draft.
>
> URL: https://www.ietf.org/internet-drafts/draft-ietf-curdle-pkix-04.txt
>
> Status: https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/
>
> Htmlized: https://tools.ietf.org/html/draft-ietf-curdle-pkix-04
>
> Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-curdle-pkix-04
>
> Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-curdle-pkix-04

I started implementing this this weekend and I noticed that this is the only private key format for which it is impossible to implement a useful pairwise consistency check. In one sense, a consistency check isn't necessary because the public key is computed from the private key, so there's no room for inconsistency. On the other hand, there's no way to detect corruption of the private key like you can with RSA and ecPublicKey keys, when the key is stored in the unencrypted form. I think this is really unfortunate.

It is possible to use a v2 PKCS#8 encoding that adds the publicKey component, in which case one can then implement an integrity check. However, unless this is documented in the draft one way or another as a MUST accept or a MUST NOT generate, I think it will be an interop nightmare. In particular, we should avoid the situation where some implementations produce v2 keys so they can add the publicKey field, and where other implementations reject v2 keys because they only parse v1, where the publicKey field isn't allowed.

In particular, it is important for the spec to include v2 PKCS#8 examples with the publicKey field, if such encoding is allowed.

I also found that, if the publicKey field is included, and one tries to do pairwise validation of the private key and public key, there are a few special cases that should be documented as test vectors.

Cheers,
Brian
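
The pairwise check discussed in the message above, as an added example that is not part of the original post or the draft: it parses an unencrypted Ed25519 PKCS#8 blob, and when the v2 publicKey field is present it re-derives the public key from the seed and compares. It assumes the RFC 5958 OneAsymmetricKey layout (publicKey as `[1] IMPLICIT BIT STRING`) and RFC 8032 key derivation; the function names and the sample keys are constructed for illustration.

```python
import hashlib
P = 2**255 - 19
D = -121665 * pow(121666, P - 2, P) % P
B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     4 * pow(5, P - 2, P) % P)  # Ed25519 base point (RFC 8032, section 5.1)
ALG_ED25519 = bytes.fromhex("06032b6570")  # AlgorithmIdentifier body: OID 1.3.101.112

def _add(a, b):  # complete affine addition on -x^2 + y^2 = 1 + d*x^2*y^2
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + y1 * x2) * pow(1 + t, P - 2, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P)

def public_from_seed(seed):  # RFC 8032 key derivation; not constant time
    h = bytearray(hashlib.sha512(seed).digest()[:32])
    h[0], h[31] = h[0] & 248, (h[31] & 127) | 64  # clamp the scalar
    k, pt, acc = int.from_bytes(h, "little"), B, (0, 1)
    while k:
        acc = _add(acc, pt) if k & 1 else acc
        pt, k = _add(pt, pt), k >> 1
    return (acc[1] | ((acc[0] & 1) << 255)).to_bytes(32, "little")

def _tlv(buf, pos):  # one DER element; short-form lengths suffice for these keys
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("bad DER")
    return buf[pos], buf[pos + 2:pos + 2 + buf[pos + 1]], pos + 2 + buf[pos + 1]

def check_pkcs8_ed25519(der):
    tag, body, end = _tlv(der, 0)
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = _tlv(body, pos)
        fields.append((t, v))
    if tag != 0x30 or end != len(der) or len(fields) < 3:
        raise ValueError("not a PKCS#8 structure")
    (t0, version), (t1, alg), (t2, priv) = fields[:3]
    if (t0, t1, alg, t2, priv[:2], len(priv)) != (2, 0x30, ALG_ED25519, 4, b"\x04\x20", 34):
        raise ValueError("not an Ed25519 PKCS#8 key")
    stored = [v for t, v in fields[3:] if t == 0x81]  # publicKey [1] IMPLICIT BIT STRING
    if not stored:
        return "unverifiable"  # v1: nothing to compare the seed against
    if version != b"\x01":
        raise ValueError("publicKey present but version is not v2")
    return "consistent" if stored[0] == b"\x00" + public_from_seed(priv[2:]) else "mismatch"

# Constructed sample: RFC 8032 test vector 1 in v1 and v2 (with publicKey) encodings.
SEED = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
PUB = bytes.fromhex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
V1 = bytes.fromhex("302e020100300506032b657004220420") + SEED
V2 = bytes.fromhex("3051020101300506032b657004220420") + SEED + b"\x81\x21\x00" + PUB
```

Flipping one bit of the seed in `V2` yields `"mismatch"`, while the same corruption in `V1` still returns `"unverifiable"` because every 32-byte string is a valid seed.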