Re: [Curdle] draft-ietf-curdle-pkix-07 intended status
Daniel Migault <daniel.migault@ericsson.com> Fri, 05 January 2018 16:42 UTC
Return-Path: <daniel.migault@ericsson.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63681126DFF for <curdle@ietfa.amsl.com>; Fri, 5 Jan 2018 08:42:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4krtbj4pNPEm for <curdle@ietfa.amsl.com>; Fri, 5 Jan 2018 08:42:28 -0800 (PST)
Received: from usplmg20.ericsson.net (usplmg20.ericsson.net [198.24.6.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 806B21267BB for <curdle@ietf.org>; Fri, 5 Jan 2018 08:42:28 -0800 (PST)
X-AuditID: c618062d-8d7ff70000004288-19-5a4faaf32ad5
Received: from EUSAAHC001.ericsson.se (Unknown_Domain [147.117.188.75]) by usplmg20.ericsson.net (Symantec Mail Security) with SMTP id 95.29.17032.3FAAF4A5; Fri, 5 Jan 2018 17:42:27 +0100 (CET)
Received: from EUSAAMB108.ericsson.se ([147.117.188.125]) by EUSAAHC001.ericsson.se ([147.117.188.75]) with mapi id 14.03.0352.000; Fri, 5 Jan 2018 11:42:26 -0500
From: Daniel Migault <daniel.migault@ericsson.com>
To: "ilariliusvaara@welho.com" <ilariliusvaara@welho.com>
CC: "curdle@ietf.org" <curdle@ietf.org>
Thread-Topic: [Curdle] draft-ietf-curdle-pkix-07 intended status
Thread-Index: AQHTg9/GcXJIVvnDUkqXFn40tBk2yKNgxEPggAUNrQD//655oA==
Date: Fri, 05 Jan 2018 16:42:25 +0000
Message-ID: <2DD56D786E600F45AC6BDE7DA4E8A8C118D3D01C@eusaamb108.ericsson.se>
References: <20180102153825.GA19225@LK-Perkele-VII> <2DD56D786E600F45AC6BDE7DA4E8A8C118D356CC@eusaamb107.ericsson.se> <20180105163336.GA4683@LK-Perkele-VII>
In-Reply-To: <20180105163336.GA4683@LK-Perkele-VII>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.11]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrHLMWRmVeSWpSXmKPExsUyuXSPt+7nVf5RBseOG1hsXTiL2eL97uks DkweS5b8ZPK43T2HLYApissmJTUnsyy1SN8ugSvj37v1LAVXFCs2buxjbGB8otDFyMkhIWAi sWPJP7YuRi4OIYEjjBIXG3ezQjjLGCX+b5nDDFLFJmAk0Xaonx3EFhGwlNjx/BsbiM0soC7x racDrEZYwF5i0q/LzBA1DhLt+68xQthOEnNnrgWrZxFQkVjb1QAW5xXwlbjR948dYtkCRonV p4+xdDFycHAKGEvsO1oKUsMoICbx/dQaJohd4hK3nsxngrhaQGLJnvPMELaoxMvH/1ghbCWJ j7/ns4OMYRbQlFi/Sx+iVVFiSvdDdoi1ghInZz5hmcAoOgvJ1FkIHbOQdMxC0rGAkWUVI0dp cUFObrqRwSZGYCwck2DT3cF4f7rnIUYBDkYlHt75K/yjhFgTy4orcw8xSnAwK4nwchr5RQnx piRWVqUW5ccXleakFh9ilOZgURLnPePJGyUkkJ5YkpqdmlqQWgSTZeLglGpgDLkv9WTnE92c k1M5yncevD6vpF78XdTMArHka1mLFr2wcnr3K+6CyIMcRcXj0Tm5AdvNnvPbxwW23xGV4cmR WcYpubegfVn74QVaYW5zthvfu2hyMm3NQVE+Z2ndnw8Tehed/F6epKX2aP0vf2/Z0tNvOjct b3d41ZhUN++x9b3pd+3k4u8FKbEUZyQaajEXFScCAFs+PF6BAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/VYjaGR-xt2bXcllt4kU1jtE6oOE>
Subject: Re: [Curdle] draft-ietf-curdle-pkix-07 intended status
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jan 2018 16:42:30 -0000
Thanks for the response. I updated the shepherd writeup with these information. Yours, Daniel -----Original Message----- From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] Sent: Friday, January 05, 2018 11:34 AM To: Daniel Migault <daniel.migault@ericsson.com> Cc: curdle@ietf.org Subject: Re: [Curdle] draft-ietf-curdle-pkix-07 intended status On Tue, Jan 02, 2018 at 04:37:55PM +0000, Daniel Migault wrote: > Hi IIlari, > > Thank you for the follow up. I just received a few days ago a > notification to complete the "Document Quality" section in the > shepherd writeup which requires a a status on the implementations. > I sent a few hours a go a request to the co-authors of known > implementations. If you are aware of such implementations, feel free > to create a new project at [1]. > > You can also let us know on the mailing (with associated URLs) these > projects so I can complete code stand as well as the shepherd writeup. > I am happy to complete it today 😉 > > For the status you are correct but I believe it should not cause any issue. I do not have/know full implementation, however I do have a partial implementation in context of TLS: - Ed25519/Ed448 PKIX public keys in certificates. - (Ed25519/Ed448 TLS exchange signatures -- covered by TLS docs) - Ed25519/Ed448 PKIX certificate signatures. And GnuTLS 3.6.1 supports at least: - Ed25519 PKIX private keys (at least v1) - Ed25519 PKIX public keys in certificates - (Ed25519 TLS exchange signatures -- covered by TLS docs) - Ed25519 PKIX certificate signatures. My implementation interoperates with GnuTLS 3.6.1 on TLS handshake with both Ed25519 server signature and certificate signature. - Server: My implementation, all settings at defaults. - Client: GnuTLS 3.6, all settings at defaults except trustpile replaced with custom one. - Certificate 0: EE, Ed25519 key, Ed25519 signature. - Certificate 1: CA, Ed25519 key, RSA-PSS-SHA256 signature. - Certificate 2: CA, RSAEncryption key, RSA-PKCS1-SHA256 signature. - Certificate 3: CA, RSAEncryption key, self-signed. [Not sent]. - Negotiated TLS versionn: TLS 1.2 + RENEGO + EMS. (The key exchange used is ECDHE_ECDSA for technical reasons, however, there are no actual ECDSA used anywhere). Client status at end of handshake: - Description: (TLS1.2)-(ECDHE-X25519)-(EdDSA-Ed25519)-(CHACHA20-POLY1305) - Session ID: (empty) - Ephemeral EC Diffie-Hellman parameters - Using curve: X25519 - Curve size: 256 bits - Version: TLS1.2 - Key Exchange: ECDHE-ECDSA - Server Signature: EdDSA-Ed25519 - Cipher: CHACHA20-POLY1305 - MAC: AEAD - Options: extended master secret, safe renegotiation, - Handshake was completed Server status at end of handshake: Handshake complete, crypto parameters: - TLS version: 1.2 - Encryption: Chacha20-Poly1305 - PRF: SHA-256 - Key Exchange: X25519 - Server Signature: Ed25519 - Triple Handshake attack: Fixed - OCSP stapling: No - Certificate Transparency: No -Ilari
- [Curdle] draft-ietf-curdle-pkix-07 intended status Ilari Liusvaara
- Re: [Curdle] draft-ietf-curdle-pkix-07 intended s… Daniel Migault
- Re: [Curdle] draft-ietf-curdle-pkix-07 intended s… Russ Housley
- Re: [Curdle] draft-ietf-curdle-pkix-07 intended s… Ilari Liusvaara
- Re: [Curdle] draft-ietf-curdle-pkix-07 intended s… Ilari Liusvaara
- Re: [Curdle] draft-ietf-curdle-pkix-07 intended s… Daniel Migault
- Re: [Curdle] draft-ietf-curdle-pkix-07 intended s… Ilari Liusvaara