Re: [Curdle] should we include xmldsig and xmlenc?
Simon Josefsson <simon@josefsson.org> Wed, 02 December 2015 14:20 UTC
Return-Path: <simon@josefsson.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C9D81A9094 for <curdle@ietfa.amsl.com>; Wed, 2 Dec 2015 06:20:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.951
X-Spam-Level:
X-Spam-Status: No, score=-0.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, J_CHICKENPOX_48=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FEE8RmwOc5jJ for <curdle@ietfa.amsl.com>; Wed, 2 Dec 2015 06:20:01 -0800 (PST)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFDEB1A9081 for <curdle@ietf.org>; Wed, 2 Dec 2015 06:20:00 -0800 (PST)
Received: from latte.josefsson.org ([IPv6:2001:9b0:104:42::a86]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id tB2EJkfi016761 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Wed, 2 Dec 2015 15:19:47 +0100
Date: Wed, 02 Dec 2015 15:19:39 +0100
From: Simon Josefsson <simon@josefsson.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <20151202151939.37f9ea18@latte.josefsson.org>
In-Reply-To: <87io4h2dsx.fsf@latte.josefsson.org>
References: <565EE8B6.2010903@cs.tcd.ie> <87io4h2dsx.fsf@latte.josefsson.org>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; boundary="Sig_/s_8ZC/9QqRKxY3NwM3.uWVx"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/curdle/Ylertitv43TdDrcm4ufh2LxdBjM>
Cc: curdle@ietf.org, Wendy Seltzer <wseltzer@w3.org>, Mark Nottingham <mnot@mnot.net>
Subject: Re: [Curdle] should we include xmldsig and xmlenc?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 14:20:02 -0000
> I have an Ed25519/Ed448-for-XMLDigSig document sitting on my disk No need to keep it there, I have pushed it, and include it below. https://gitlab.com/jas/ietf-xmldsig-curves/blob/master/draft-josefsson-xmldigsig-curves.md /Simon EdDSA Ed25519/Ed448 for XML Digital Signatures ============================================== We describe how EdDSA digital signatures (Ed25519 and Ed448) [EDDSA] can be used in XML Digital Signatures [XMLDSIG]. Approach ======== EdDSA is used in XML Digital Signatures through the Elliptic Curve Digital Signature Algorithm (ECDSA) framework described in [XMLECDSA]. While EdDSA is different from ECDSA, we have chosen to re-use existing elements and specify semantic conventions specific to EdDSA, rather than to describe a new mechanism. The remaining sections describe how use of EdDSA differs from use of other ECDSA schemes in the [XMLECDSA] framework. Namespace and Identifiers ========================= The XML namespace URI that MUST be used by implementations of this specification is: http://josefsson.org/2015/12/xmldsig-eddsa# Elements in the namespace of the [XMLDSIG] specification are marked by using the namespace prefix "dsig" in the remaining sections of this document. The URI Identifiers used to identify the algorithms we describe are for Ed25519 and Ed448 respectively: http://josefsson.org/2015/12/xmldsig-eddsa#ed25519 http://josefsson.org/2015/12/xmldsig-eddsa#ed448 EdDSA Key Values ================ EdDSA public keys are encoded using the new element EdDSAKeyValue. Include the element inside dsig:KeyValue similar to dsig:RSAKeyValue, dsig:ECDSAKeyValue. The EdDSA public keys are binary strings as described in [EDDSA], here encoded as base64. DTD Replacement --------------- The following definition amends the entity Key.ANY <!ENTITY % KeyValue.ANY '| ecdsa:EdDSAKeyValue'> Schema definition ----------------- The element consists of the base64 encoded public key. <xs:element name="EdDSAKeyValue" type="eddsa:EdDSAKeyValueType"/> <xs:simpleType name="EdDSAKeyValueType"> <restriction base="base64Binary"/> </xs:simpleType> DTD Definition: <!ELEMENT EdDSAKeyValue (#PCDATA) > <!-- base64 encoded digest value --> EdDSA Signatures ---------------- Similar to RFC 4050, the input to the EdDSA algorithm is the canonicalized representation of the dsig:SignedInfo element as specified in Section 3 of [XMLDSIG]. The output of the EdDSA algorithm is a binary string. The signature value (text value of element dsig:SignatureValue - see section 4.2 of [XMLDSIG]) consists of the base64 encoding of the binary EdDSA output. Security Considerations ======================= See [EDDSA], [XMLDSIG], and [XMLECDSA] XML is by design prone to implementation flaws. References ========== [EDDSA] https://tools.ietf.org/html/draft-irtf-cfrg-eddsa [XMLDSIG] RFC 3275 [XMLECDSA] RFC 4050 Appendix ======== Aggregate XML Schema -------------------- <?xml version="1.0" encoding="UTF-8"?> <xs:schema targetNamespace="http://josefsson.org/2015/12/xmldsig-eddsa#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.2"> <!--ECDSA key value root element--> <xs:element name="EdDSAKeyValue" type="eddsa:EdDSAKeyValueType"/> <xs:simpleType name="EdDSAKeyValueType"> <restriction base="base64Binary"/> </xs:simpleType> </xs:schema> Aggregate DTD ------------- <!ELEMENT EdDSAKeyValue (#PCDATA) > <!-- base64 encoded digest value -->
- [Curdle] should we include xmldsig and xmlenc? Stephen Farrell
- Re: [Curdle] should we include xmldsig and xmlenc? Simon Josefsson
- Re: [Curdle] should we include xmldsig and xmlenc? Simon Josefsson