Re: [Curdle] New Version Notification for draft-mtis-lamps-8410-ku-clarifications-00.txt

Sean Turner <sean@sn3rd.com> Fri, 14 January 2022 16:34 UTC


A couple of people have noted the same thing off list, so I created the following PR to resolve the issue:
https://github.com/seanturner/draft-mtis-lamps-8410-ku-clarifications/pull/2

spt

> On Jan 13, 2022, at 23:07, Sean Turner <sean@sn3rd.com> wrote:
> 
> It does, it’s just in the prose before the list:
> 
>      If the keyUsage extension is present in a certification authority
>      certificate that indicates id-Ed25519 or id-Ed448 in
>      SubjectPublicKeyInfo, then the keyUsage extension MUST contain
> ->   keyCertSign, and zero, or more of the following:
> 
> spt
> 
> 
>> On Jan 12, 2022, at 15:55, Russ Housley <housley@vigilsec.com> wrote:
>> 
>> Sean:
>> 
>> I think that id-Ed25519 or id-Ed448 need to allow keyCertSign as well.  Otherwise, a CA could not use these signature algorithms.
>> 
>> Russ
>> 
>> 
>>> On Jan 12, 2022, at 2:59 PM, Sean Turner <sean@sn3rd.com> wrote:
>>> 
>>> LAMPS,
>>> 
>>> Hi! While Ito-san and I were working on RFC 8813 (nee draft-ietf-lamps-5480-ku-clarifications, nee draft-turner-5480-ku-clarifications), Daniel McCarney asked whether we should write the same kind of clarifications for RFC 8410 [1] (algorithm identifiers for Ed25519, Ed448, X25519, and X448 in certificates). I had a look and exchanged some emails with Simon and it seems like it would be good to make sure there were the same clarifications for the x25519 and x448 identifiers that we had for the other identifiers … so we produced this I-D.
>>> 
>>> Note: I am forwarding this I-D to LAMPS for consideration and not curdle, knowing that curdle is planning to close. I also alerted the chairs and am cc’ing curdle so nobody is surprised.  As this is basically a do-over of RFC 8410, I am hoping that adopting/progressing this I-D will be non-controversial.
>>> 
>>> Cheers,
>>> spt
>>> 
>>> [1] https://datatracker.ietf.org/doc/rfc8410/
>>> 
>>>> Begin forwarded message:
>>>> 
>>>> From: internet-drafts@ietf.org
>>>> Subject: New Version Notification for draft-mtis-lamps-8410-ku-clarifications-00.txt
>>>> Date: January 12, 2022 at 01:15:39 EST
>>>> To: "Daniel McCarney" <daniel@binaryparadox.net>, "Sean Turner" <sean@sn3rd.com>, "Simon Josefsson" <simon@josefsson.org>, "Tadahiko Ito" <tadahiko.ito.public@gmail.com>
>>>> 
>>>> 
>>>> A new version of I-D, draft-mtis-lamps-8410-ku-clarifications-00.txt
>>>> has been successfully submitted by Sean Turner and posted to the
>>>> IETF repository.
>>>> 
>>>> Name:		draft-mtis-lamps-8410-ku-clarifications
>>>> Revision:	00
>>>> Title:		Clarifications for Ed25519, Ed448, X25519, and X448 Algorithm Identifiers
>>>> Document date:	2022-01-12
>>>> Group:		Individual Submission
>>>> Pages:		6
>>>> URL:            https://www.ietf.org/archive/id/draft-mtis-lamps-8410-ku-clarifications-00.txt
>>>> Status:         https://datatracker.ietf.org/doc/draft-mtis-lamps-8410-ku-clarifications/
>>>> Html:           https://www.ietf.org/archive/id/draft-mtis-lamps-8410-ku-clarifications-00.html
>>>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-mtis-lamps-8410-ku-clarifications
>>>> 
>>>> 
>>>> Abstract:
>>>>  This document updates RFC 8410 to clarify existing and specify
>>>>  missing semantics for key usage bits when used in certificates that
>>>>  support the Ed25519, Ed448, X25519, and X448 Elliptic Curve
>>>>  Cryptography algorithms.
>>>> 
>>>> 
>>>> 
>>>> 
>>>> The IETF Secretariat
>>>> 
>>>> 
>>> 
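The consistency rule the thread is about (the keyUsage bits must agree with the algorithm named in SubjectPublicKeyInfo, and a CA certificate carrying an Ed25519 or Ed448 key must assert keyCertSign, otherwise it cannot sign anything) as an added checker. This is example code written for this page, not the draft's or any IETF code. It works on a constructed summary of the three relevant fields rather than parsing DER, uses the RFC 8410 section 3 OIDs and the section 5 permitted-bit sets, and takes the draft's CA wording quoted above as the rule for CA certificates; the `CertSummary` type and `check_key_usage` function are hypothetical names.

```python
"""Validate keyUsage against the SubjectPublicKeyInfo algorithm for the
RFC 8410 key types (Ed25519, Ed448, X25519, X448).

Added example for this thread; not part of the draft or any IETF code.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Algorithm identifier OIDs from RFC 8410 section 3.
OID_X25519 = "1.3.101.110"
OID_X448 = "1.3.101.111"
OID_ED25519 = "1.3.101.112"
OID_ED448 = "1.3.101.113"

SIGNATURE_OIDS = {OID_ED25519, OID_ED448}
AGREEMENT_OIDS = {OID_X25519, OID_X448}

# Bits an Ed25519/Ed448 key may carry (RFC 8410 section 5).
ED_ALLOWED = frozenset({"digitalSignature", "nonRepudiation",
                        "keyCertSign", "cRLSign"})
# Bits an X25519/X448 key may carry: keyAgreement, optionally with
# exactly one of encipherOnly / decipherOnly (RFC 8410 section 5).
X_ALLOWED = frozenset({"keyAgreement", "encipherOnly", "decipherOnly"})


@dataclass
class CertSummary:
    """Constructed summary of the fields the check needs (hypothetical;
    a real implementation would fill this from a parsed certificate)."""
    spki_oid: str                              # SubjectPublicKeyInfo algorithm
    is_ca: bool                                # basicConstraints cA flag
    key_usage: Optional[FrozenSet[str]] = None  # None when extension absent


def check_key_usage(cert: CertSummary) -> List[str]:
    """Return a list of findings; an empty list means the certificate is
    consistent with the rules. The rules only apply when keyUsage is present."""
    findings: List[str] = []
    ku = cert.key_usage
    if ku is None:
        return findings

    if cert.spki_oid in SIGNATURE_OIDS:
        extra = ku - ED_ALLOWED
        if extra:
            findings.append("disallowed bits for Ed key: %s" % sorted(extra))
        if not ku:
            findings.append("keyUsage present but asserts no bits")
        # The draft's clarification quoted in the thread: a CA certificate
        # with an Ed25519/Ed448 key MUST contain keyCertSign.
        if cert.is_ca and "keyCertSign" not in ku:
            findings.append("CA certificate with Ed key lacks keyCertSign")
    elif cert.spki_oid in AGREEMENT_OIDS:
        extra = ku - X_ALLOWED
        if extra:
            findings.append("disallowed bits for X key: %s" % sorted(extra))
        if "keyAgreement" not in ku:
            findings.append("X key without keyAgreement")
        if {"encipherOnly", "decipherOnly"} <= ku:
            findings.append("encipherOnly and decipherOnly both set")
    else:
        findings.append("not an RFC 8410 algorithm; no rule applied")
    return findings


if __name__ == "__main__":
    # Constructed inputs: a well-formed Ed25519 CA and the case Russ raised,
    # a CA whose keyUsage would prevent it from issuing certificates.
    good_ca = CertSummary(OID_ED25519, True, frozenset({"keyCertSign", "cRLSign"}))
    bad_ca = CertSummary(OID_ED25519, True, frozenset({"digitalSignature"}))
    for c in (good_ca, bad_ca):
        print(c.spki_oid, sorted(c.key_usage), check_key_usage(c) or "ok")
```

Running the block prints `ok` for the first CA and the missing-keyCertSign finding for the second. Absence of the extension yields no findings because both RFC 8410 and the draft only constrain keyUsage when it is present; a deployment that wants CA certificates to always carry the extension has to enforce that separately.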