IETF Logo Mail Archive

Re: [Curdle] Review of draft-ietf-curdle-pkix-04

Jim Schaad <ietf@augustcellars.com> Wed, 29 March 2017 18:19 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B57FD128854 for <curdle@ietfa.amsl.com>; Wed, 29 Mar 2017 11:19:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=augustcellars.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5xkGpWJrUoDZ for <curdle@ietfa.amsl.com>; Wed, 29 Mar 2017 11:19:14 -0700 (PDT)
Received: from mail4.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04077126DDF for <curdle@ietf.org>; Wed, 29 Mar 2017 11:19:14 -0700 (PDT)
Content-Type: multipart/alternative; boundary="----=_NextPart_000_05D9_01D2A88F.0C6E9890"
Content-Language: en-us
DKIM-Signature: v=1; a=rsa-sha256; d=augustcellars.com; s=winery; c=simple/simple; t=1490811549; h=from:subject:to:date:message-id; bh=y5uhGkfHrdzmTxI+eX6B42ic5F1E7ISiLkSpGT0xhMM=; b=Nk7Q3VF/2XFWdWey2XFyGHOMZj21OEIkGvd7zcVIzOYXaHL6DFtq55vIarvW8vw7o+LnXWMuaIN T6uBdjFT7E0o4tKOd/98wGAAe93x1I5QEHt611ibDUA240P9OW28LoQ8c9cjACuMg6i129C78/ZoR nEb6weH3x13ienaQ4Y+3TM6356zi4XzrCGWdCO7Kt+D+aAYPx/baSY3qdpTU+ceR+GuhQ2JyFhe1X xy4VbjunMMOKG13SqHFBnqlfCE4gku5WAnElHAGyZQFqDcPvwXRT2b6M9yW2P/rYcPZkmv1uIQKnF SZEos0VdKwNwaFMbDIH0BgF8BaZPs/bIujyA==
Received: from mail2.augustcellars.com (192.168.1.201) by mail4.augustcellars.com (192.168.1.153) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 29 Mar 2017 11:19:09 -0700
Received: from hebrews (31.133.135.244) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 29 Mar 2017 11:19:08 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'David Benjamin' <davidben@chromium.org>, 'curdle' <curdle@ietf.org>
References: <CAF8qwaCqv7gv2DD9mxTQqZ_y8aDD=5KMuz4J2kj-Z5Zp0UPJKw@mail.gmail.com>
In-Reply-To: <CAF8qwaCqv7gv2DD9mxTQqZ_y8aDD=5KMuz4J2kj-Z5Zp0UPJKw@mail.gmail.com>
Date: Wed, 29 Mar 2017 13:19:05 -0500
Message-ID: <05d801d2a8b8$f53f7070$dfbe5150$@augustcellars.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQFShB4nG4sWgU6s2CcjUkZe12aLAKKsaAig
X-Originating-IP: [31.133.135.244]
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/PZsyMJJLBOF12bb8oueDqo8LMe4>
Subject: Re: [Curdle] Review of draft-ietf-curdle-pkix-04
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Mar 2017 18:19:17 -0000

 

 

From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of David Benjamin
Sent: Wednesday, March 29, 2017 12:32 PM
To: curdle <curdle@ietf.org>
Subject: [Curdle] Review of draft-ietf-curdle-pkix-04

 

Overall, the document looks good to me. I've actually just implemented it along with the TLS bits in BoringSSL and our Go testing implementation. Seems to work. (Though I haven't done anything with the signature yet, just parsing out keys. Our X.509 story is a little funny since Chrome currently uses OS verifiers.)

 

I have a handful of comments. They are all entirely editorial and mostly nitpicks.

 

In section 3,

 

   The same algorithm identifiers are used for identifying a public key,

   identifying a private key and identifying a signature (for the four

   EdDSA related OIDs).  Additional encoding information is provided

   below for each of these locations.

 

"four EdDSA related OIDs" should now be "two EdDSA related OIDs"

 

fixed

 

In section 4,

 

   o  subjectPublicKey contains the byte stream of the public key.

      While the encoded public keys for the current algorithms are all

      an even number of octets, future curves could change that.

 

I would suggest replacing the last sentence with "For the algorithms defined in this document, the encoded public keys are an even number of octets." If future curves do something funny, they'll be defined with independent OIDs and won't be bound by any explanatory notes in this document.

 

How about

 

        The algorithms defined in this document always encode the public key in an even number of octets.

        If future algorithms change this, they should consider using a new OID value.

 

In section 5,

 

   If the keyUsage extension is present in a certificate that indicates

   id-X25119 or id-X448 in SubjectPublicKeyInfo, then the following MUST

   be present:

 

"id-X25119" should be "id-X25519".

 

Also, a exceedingly nitpicky nitpick: the various lists of keyUsage values are all indented differently. I'm not sure if this is an artifact of some centering thing or a formatting error.

 

Fixed 

 

In section 7,

 

   For the keys defined in this document, the private key is always an

   opaque byte sequence.  The ASN.1 type CurvePrivateKey is defined in

   this document to hold the byte sequence.  Thus when encoding a

   OneAsymmetricKey object, the private key is wrapped in an

   CurvePrivateKey object and wrapped by the OCTET STRING of the

   'privateKey' field.

 

The 'privateKey' field is described with single quotes, but in the following paragraph, the "privateKey", "privateKeyAlgorithm", and "publicKey" fields are described with double quotes.

 

In section 8,

 

   When the curve is known, use a more specific string.  For the id-

   EdDSA25519 value use the string "Ed25519".  For id-EdDSA448 use

   "Ed448".

 

In keeping with its own advice and to match the names in section 3, "id-EdDSA25519" should be "id-Ed25519" and "id-EdDSA448" should be "id-Ed448".  The names also show up elsewhere in the document and should match.

 

fixed

 

In section 10.2,

 

The OIDs in the sample certificate are referred to as "EdDSA 25519 signature algorithm" and "ECDH 25519 key agreement", contradicting the document's own advice on human-readable names.

 

Fixed – I apparently did this when I re-mapped the OIDs and forgot to make the entire document consistent

 

Jim

 

 

David

v2.23.0 | Report a Bug | By Email