Re: [Curdle] Review of draft-ietf-curdle-pkix-04
Jim Schaad <ietf@augustcellars.com> Wed, 29 March 2017 18:19 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B57FD128854 for <curdle@ietfa.amsl.com>; Wed, 29 Mar 2017 11:19:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5xkGpWJrUoDZ for <curdle@ietfa.amsl.com>; Wed, 29 Mar 2017 11:19:14 -0700 (PDT)
Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04077126DDF for <curdle@ietf.org>; Wed, 29 Mar 2017 11:19:14 -0700 (PDT)
Content-Type: multipart/alternative; boundary="----=_NextPart_000_05D9_01D2A88F.0C6E9890"
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1490811549; h=from:subject:to:date:message-id; bh=y5uhGkfHrdzmTxI+eX6B42ic5F1E7ISiLkSpGT0xhMM=; b=Nk7Q3VF/2XFWdWey2XFyGHOMZj21OEIkGvd7zcVIzOYXaHL6DFtq55vIarvW8vw7o+LnXWMuaIN T6uBdjFT7E0o4tKOd/98wGAAe93x1I5QEHt611ibDUA240P9OW28LoQ8c9cjACuMg6i129C78/ZoR nEb6weH3x13ienaQ4Y+3TM6356zi4XzrCGWdCO7Kt+D+aAYPx/baSY3qdpTU+ceR+GuhQ2JyFhe1X xy4VbjunMMOKG13SqHFBnqlfCE4gku5WAnElHAGyZQFqDcPvwXRT2b6M9yW2P/rYcPZkmv1uIQKnF SZEos0VdKwNwaFMbDIH0BgF8BaZPs/bIujyA==
Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 29 Mar 2017 11:19:09 -0700
Received: from hebrews (31.133.135.244) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 29 Mar 2017 11:19:08 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'David Benjamin' <davidben@chromium.org>, 'curdle' <curdle@ietf.org>
References: <CAF8qwaCqv7gv2DD9mxTQqZ_y8aDD=5KMuz4J2kj-Z5Zp0UPJKw@mail.gmail.com>
In-Reply-To: <CAF8qwaCqv7gv2DD9mxTQqZ_y8aDD=5KMuz4J2kj-Z5Zp0UPJKw@mail.gmail.com>
Date: Wed, 29 Mar 2017 13:19:05 -0500
Message-ID: <05d801d2a8b8$f53f7070$dfbe5150$@augustcellars.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQFShB4nG4sWgU6s2CcjUkZe12aLAKKsaAig
X-Originating-IP: [31.133.135.244]
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/PZsyMJJLBOF12bb8oueDqo8LMe4>
Subject: Re: [Curdle] Review of draft-ietf-curdle-pkix-04
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 18:19:17 -0000
From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of David Benjamin Sent: Wednesday, March 29, 2017 12:32 PM To: curdle <curdle@ietf.org> Subject: [Curdle] Review of draft-ietf-curdle-pkix-04 Overall, the document looks good to me. I've actually just implemented it along with the TLS bits in BoringSSL and our Go testing implementation. Seems to work. (Though I haven't done anything with the signature yet, just parsing out keys. Our X.509 story is a little funny since Chrome currently uses OS verifiers.) I have a handful of comments. They are all entirely editorial and mostly nitpicks. In section 3, The same algorithm identifiers are used for identifying a public key, identifying a private key and identifying a signature (for the four EdDSA related OIDs). Additional encoding information is provided below for each of these locations. "four EdDSA related OIDs" should now be "two EdDSA related OIDs" fixed In section 4, o subjectPublicKey contains the byte stream of the public key. While the encoded public keys for the current algorithms are all an even number of octets, future curves could change that. I would suggest replacing the last sentence with "For the algorithms defined in this document, the encoded public keys are an even number of octets." If future curves do something funny, they'll be defined with independent OIDs and won't be bound by any explanatory notes in this document. How about The algorithms defined in this document always encode the public key in an even number of octets. If future algorithms change this, they should consider using a new OID value. In section 5, If the keyUsage extension is present in a certificate that indicates id-X25119 or id-X448 in SubjectPublicKeyInfo, then the following MUST be present: "id-X25119" should be "id-X25519". Also, a exceedingly nitpicky nitpick: the various lists of keyUsage values are all indented differently. I'm not sure if this is an artifact of some centering thing or a formatting error. Fixed In section 7, For the keys defined in this document, the private key is always an opaque byte sequence. The ASN.1 type CurvePrivateKey is defined in this document to hold the byte sequence. Thus when encoding a OneAsymmetricKey object, the private key is wrapped in an CurvePrivateKey object and wrapped by the OCTET STRING of the 'privateKey' field. The 'privateKey' field is described with single quotes, but in the following paragraph, the "privateKey", "privateKeyAlgorithm", and "publicKey" fields are described with double quotes. In section 8, When the curve is known, use a more specific string. For the id- EdDSA25519 value use the string "Ed25519". For id-EdDSA448 use "Ed448". In keeping with its own advice and to match the names in section 3, "id-EdDSA25519" should be "id-Ed25519" and "id-EdDSA448" should be "id-Ed448". The names also show up elsewhere in the document and should match. fixed In section 10.2, The OIDs in the sample certificate are referred to as "EdDSA 25519 signature algorithm" and "ECDH 25519 key agreement", contradicting the document's own advice on human-readable names. Fixed – I apparently did this when I re-mapped the OIDs and forgot to make the entire document consistent Jim David
- [Curdle] Review of draft-ietf-curdle-pkix-04 David Benjamin
- Re: [Curdle] Review of draft-ietf-curdle-pkix-04 David Benjamin
- Re: [Curdle] Review of draft-ietf-curdle-pkix-04 Jim Schaad
- Re: [Curdle] Review of draft-ietf-curdle-pkix-04 Russ Housley