IETF Logo Mail Archive

Re: [Curdle] AlgorithmIdentifier parameters in draft-ietf-curdle-pkix-03

str4d <str4d@i2pmail.org> Wed, 22 March 2017 06:02 UTC

Return-Path: <str4d@i2pmail.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB7ED126B7F for <curdle@ietfa.amsl.com>; Tue, 21 Mar 2017 23:02:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.519
X-Spam-Level: ****
X-Spam-Status: No, score=4.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_SORBS_HTTP=0.001, RCVD_IN_SORBS_SOCKS=1.927, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2qXe9-MUf8nE for <curdle@ietfa.amsl.com>; Tue, 21 Mar 2017 23:02:21 -0700 (PDT)
Received: from mail01.sigterm.no (mail01.sigterm.no [193.150.121.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E07F7124281 for <curdle@ietf.org>; Tue, 21 Mar 2017 23:02:20 -0700 (PDT)
Received: from smtp.postman.i2p (i2p-outproxy01.privacysolutions.no [193.150.121.66]) by postman.meeh.i2p (Postfix) with ESMTP id 5F0BA2E119C for <curdle@ietf.org>; Wed, 22 Mar 2017 07:02:15 +0100 (CET)
X-Virus-Scanned: clamav-milter 0.97 on milter.postman.i2p
X-Mailer: smtp.postman.i2p - Official I2P Mailer
From: str4d <str4d@i2pmail.org>
To: David Benjamin <davidben@chromium.org>, Daniel Migault <daniel.migault@ericsson.com>, "curdle@ietf.org" <curdle@ietf.org>, Russ Housley <housley@vigilsec.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
References: <7d6cfe29-8d4c-436e-fe8a-0cbee915b29e@mail.i2p> <20170311061838.879BAADF28@smtp.postman.i2p> <2DD56D786E600F45AC6BDE7DA4E8A8C118BA5C93@eusaamb107.ericsson.se> <20170314174216.56419ADF21@smtp.postman.i2p>
MIME-Version: 1.0
In-Reply-To: <20170314174216.56419ADF21@smtp.postman.i2p>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="gj8u4X6nIJSFnnTCREp8qIdkMnCa5Oi2b"
Message-Id: <20170321233151.6B3F8ADF28@smtp.postman.i2p>
Date: Tue, 21 Mar 2017 23:31:51 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/V72VRwMqfk5WHH_9u8I9IUZ1TFE>
Subject: Re: [Curdle] AlgorithmIdentifier parameters in draft-ietf-curdle-pkix-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 06:02:22 -0000

On 03/15/2017 06:42 AM, David Benjamin wrote:
> No, we should not relax the MUST NOT. We've learned from the previous
> algorithms here that multiple options for encodings are an unnecessary
> source of complexity and interop headaches. There should only be one
> encoding and parsers need to enforce this to avoid an ecosystem mess.

As the author of one such parser, I completely agree. Were this a
fully-custom stack (like BouncyCastle when using their keystore, or a
commercial offering), where I controlled everything below my parser, it
wouldn't be a problem. But when the input to my parser is being
transparently rewritten to a non-compliant encoding by standard
libraries of the programming language itself, my hands are tied.

How would the following language (or something to this effect) work as a
compromise?

   In this document we defined six new OIDs for identifying the
   different curve/algorithm pairs.  The curves being Curve25519 and
   Curve448.  The algorithms being ECDH, EdDSA in pure mode and EdDSA in
   pre-hash mode.  For all of the OIDs, the parameters MUST be absent.
   Regardless of the defect in the original 1997 syntax, implementations
   MUST NOT write out a parameters value of NULL, and MUST NOT accept a
   parameters value of NULL, EXCEPT where doing so is unavoidable due to
   legacy PKCS8 interpretation within the implementation language's
   standard libraries (such as Java's Sun security provider before
   version XX).

I can comply with this, because my implementation will write the single
correct encoding to any destination (keystore or otherwise, modulo
whatever PKCS8 transformations that destination applies), but being a
standalone Java parser it can't know whether it is receiving input from
the default keystore or a compliant one. In a language where the default
PKCS8 parser can be made compliant, the MUST NOT would remain enforced.

Alternatively, the MUST NOT can be left as-is, and I will consider this
a case of "know the rules you're breaking". My concern then would be my
code being copied into other projects without this understanding (which
I would attempt to alleviate via comments), or other independent Java
implementations running up against this issue and just ignoring the MUST
NOT entirely, leading to incorrect encodings being written out
(avoidance of which AFAICT is the primary motivator for the MUST NOT).

Cheers,
Jack

v2.23.0 | Report a Bug | By Email