Re: [Curdle] draft-ietf-curdle-pkix-00: a simplification proposal
Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 22 July 2016 20:08 UTC
On Fri, Jul 22, 2016 at 06:47:43PM +0000, Erwann Abalea wrote:
> Good evening,
>
> > On 22 Jul 2016, at 20:18, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> >
> > On Fri, Jul 22, 2016 at 06:00:11PM +0000, Erwann Abalea wrote:
> >> Hello,
> >>
> >> Hex dump of DER encoded thing isn’t nice.
> >>
> >>
> >> Using ASN.1 and RFC5912 modules:
> >>
> >> -- We need to contact Thawte Consulting, or Verisign, or whoever now
> >> owns the 1.3.101 OID arc, as OID hijacking is not allowed.
> >
> > 1.3.101.100 was used in the IETF -00 draft. I think I heard it got
> > allocated for EdDSA.
>
> I haven’t found an authoritative source for this.
> It’s not the first time, 1.3.6 belongs to DoD, but 1.3.6.1 was « self-allocated » in RFC1065.

Didn't find anything authoritative, but I did find that Simon switched
to that OID (from much longer one) in personal -02 draft.

> >> id-EdXKeyAgreementAlgorithm OBJECT IDENTIFIER ::= { iso(1)
> >> identified-organization(3) thawte(101) 102 }
> >
> > I don't know what 1.3.101.102 is…
>
> That’s why there’s a commentary saying it needs to be discussed.
> sa-Ed* make use of the pk-Ed* keys.
> There’s no defined use of pk-X* keys, and they’re used for key agreement.

X.509 SPKI is used for more purposes than just X.509.

> Since in the message I replied to, you proposed the following DER encoded sigalg:
> 30 06 06 04 2B 65 64/65 01 Ed25519
> It seemed you wanted to use 1.3.101.101 for signature algorithms, so I expanded to 1.3.101.102 for key agreement algorithms.
> But again, it’s a subject of discussion.

Back when I wrote that, I had missed that reuse is OK. And as I noted
then one should use those 64 values.

-Ilari