IETF Logo Mail Archive

Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

Jim Schaad <ietf@augustcellars.com> Mon, 19 December 2016 21:41 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39263129418 for <curdle@ietfa.amsl.com>; Mon, 19 Dec 2016 13:41:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5
X-Spam-Level:
X-Spam-Status: No, score=-5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KFbBbSDs9b7f for <curdle@ietfa.amsl.com>; Mon, 19 Dec 2016 13:41:08 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 966D912943D for <curdle@ietf.org>; Mon, 19 Dec 2016 13:34:19 -0800 (PST)
Received: from hebrews (24.21.96.37) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 19 Dec 2016 13:53:53 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: 'David Benjamin' <davidben@chromium.org>
References: <20161214105434.418FAADD1C@smtp.postman.i2p> <20161214121515.GA10791@LK-Perkele-V2.elisa-laajakaista.fi> <CAF8qwaCWAx8Vp67VZz4G5DQpTGf5DX-sMN+1i40acgCYT8_NVA@mail.gmail.com> <002501d25760$a75c0bb0$f6142310$@augustcellars.com> <CAF8qwaDzC8C0czSPrCdTgKH-3_YqW8KeVQ291p+SNcOo-NyGxg@mail.gmail.com> <CAF8qwaASPih==KC9NKSy6KtEeySjEf4ByM1JkzCuu2bF8EP1xQ@mail.gmail.com>
In-Reply-To: <CAF8qwaASPih==KC9NKSy6KtEeySjEf4ByM1JkzCuu2bF8EP1xQ@mail.gmail.com>
Date: Mon, 19 Dec 2016 13:34:10 -0800
Message-ID: <035701d25a3f$a46ca9f0$ed45fdd0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0358_01D259FC.964C5020"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGOM3TmntUFFR0Xvs/2NeMkxBysCwMWGXNJAq52cnABKGzVxgEXXxKfAYY6/V2hSOvWEA==
Content-Language: en-us
X-Originating-IP: [24.21.96.37]
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/TA5ua4pa65lXiWA-wF825jjmwv0>
Cc: curdle@ietf.org
Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Dec 2016 21:41:09 -0000

In my local version, I have done the following:

 

1.       Changed EdPrivateKey to CurvePrivateKey.  I hope that this will not cause any confusion with the ECPrivateKey type defined in RFC5915.

2.      I have changed the last sentence in the paragraph mentioned below to
        Thus when encoding a OneAsymmetricKey object, the private key is wrapped in an CurvePrivateKey object and wrapped by the OCTET STRING of the 'privateKey' field.

3.      I have also expanded the appendix with the private key example to have 1) the current PEM format, 2) an ASN.1 dump and 3) the value of the private key. 

 

I debated using the OKP (Octet Key Pair) which was used in JOSE and COSE but decided not to.

 

Jim

 

 

From: David Benjamin [mailto:davidben@chromium.org] 
Sent: Thursday, December 15, 2016 11:18 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: curdle@ietf.org
Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

 

So we don't end up with two variants of this floating around (this thread gives one data point of the current text being misinterpreted), What do you think about these editorial changes?

 

1. In the paragraph beginning "For the keys defined in this document [...]", add a sentence like "Note the opaque byte sequence is wrapped in OCTET STRINGs twice in total."

 

2. EdPrivateKey sounds like this only applies to Ed* rather than both Ed* and X*. It should probably be renamed. But the best name I can come up with right now is PrivateKeyWrapper, which is terrible. Another option is to avoid defining a type and just say:

 

   For the keys defined in this document, the private key is always an

   opaque byte sequence.  This is encoded in a OneAsymmetricKey

   object by wrapping the sequence in an ASN.1 OCTET STRING

   and placing its DER encoding in the 'privateKey' field. Note that

   'privateKey' is itself an OCTET STRING, so the original byte

   sequence is wrapped in OCTET STRINGs twice in total.

 

David

 

On Fri, Dec 16, 2016 at 1:56 AM David Benjamin <davidben@chromium.org <mailto:davidben@chromium.org> > wrote:

Ah, yes, I see OpenSSL has already shipped code which serializes X25519 in this way, as early as OpenSSL 1.1.0 in September. That's unfortunate. It would have been preferable to avoid this confusing double wrapper, but so it goes I guess.

 

David

 

On Fri, Dec 16, 2016 at 12:53 AM Jim Schaad <ietf@augustcellars.com <mailto:ietf@augustcellars.com> > wrote:

I believe that the OpenSSL people would be sad if we changed this at this time.  I did some interop testing with their developers before the last version was released and the OCTET STRING wrapper on the private key is what we were doing at the time.

Jim

From: Curdle [mailto:curdle-bounces@ietf.org <mailto:curdle-bounces@ietf.org> ] On Behalf Of David Benjamin
Sent: Wednesday, December 14, 2016 5:23 AM
To: Ilari Liusvaara <ilariliusvaara@welho.com <mailto:ilariliusvaara@welho.com> >; str4d <str4d@i2pmail.org <mailto:str4d@i2pmail.org> >
Cc: curdle@ietf.org <mailto:curdle@ietf.org> 
Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

On Wed, Dec 14, 2016 at 7:15 AM Ilari Liusvaara <mailto:ilariliusvaara@welho.com <mailto:ilariliusvaara@welho.com> > wrote:
On Wed, Dec 14, 2016 at 10:54:34AM +0000, str4d wrote:
> Hello,
>
> I am currently updating my EdDSA Java library to implement the current
> spec for key encoding [0] (previously I used
> draft-josefsson-pkix-eddsa-04 for public keys, and the equivalent in
> PKCS#8 format for private keys). The example public key given in
> draft-ietf-curdle-pkix-03 [1] passes my tests, however the example
> private key [2] does not.
>
> It appears that the private key material within the example is 34 bytes,
> but according to Section 3.2 of draft-irtf-cfrg-eddsa-08 [3] (which
> AFAICT the present draft defers to for encoding), the private key is the
> b-bit seed k, which is 32 bytes.
>
> Am I missing something? If the example keys in the present draft are
> correct, it would be helpful to add a reference that clarifies their
> exact encoding.

Apparently the key is wrapped in OCTET STRING twice for some reason,
so the length is actually 32 bytes (the first 2 are second OCTET STRING
header).

Is it too late to change that / was there any particular reason for this? Not that saving or using two bytes really matters, but it seems unnecessary when we already have an OCTET-STRING-shaped hole to put our octet string in.



David

_______________________________________________
Curdle mailing list
Curdle@ietf.org <mailto:Curdle@ietf.org> 
https://www.ietf.org/mailman/listinfo/curdle

v2.23.0 | Report a Bug | By Email