Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt

David Benjamin <davidben@chromium.org> Mon, 08 May 2017 18:55 UTC

Return-Path: <davidben@google.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6537E12957C for <curdle@ietfa.amsl.com>; Mon, 8 May 2017 11:55:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IE5SIAjLJG0f for <curdle@ietfa.amsl.com>; Mon, 8 May 2017 11:55:07 -0700 (PDT)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3A351294A8 for <curdle@ietf.org>; Mon, 8 May 2017 11:55:06 -0700 (PDT)
Received: by mail-pf0-x235.google.com with SMTP id e64so37344856pfd.1 for <curdle@ietf.org>; Mon, 08 May 2017 11:55:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8kk1QZNVmAoYDt3wR63Rhxml04H+AVlaEJMK2crpJts=; b=GlzOu54ZV3FE9DfERx8aAYtGx53liOQNtPhq/PQ7M78rqybAT7yagSKhuPwaAzltWL J/HE6rV9FmoShxvXew7g+OFgEO8BUpMsEDmlEBs159lQf/4ofsti30xNx4VMXSncqqNa 23f8OJzdalpJMG+FU4rMNiXUbXmp4StrlOnHc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8kk1QZNVmAoYDt3wR63Rhxml04H+AVlaEJMK2crpJts=; b=gVSZC2C+92f3SLfPLQrRYaAE/hQHmER1GhiZn6nPhKwhajGK/02IigAsUC1aw3XvCI k8jcb7mmphG8+5+z3h592legUWfjFFkB1uKkcEn5l8FHenjPuJjrbbqStdPtstubBx8o WSOSSf6p26YZLOGr74RzdhSyVGHl2hsdLT6KK1nQXCjoQj+QS4klB5kYQGwJbxml2RyF qZNjf1pG95Np2qw0tAN+7zHuCyNLhw++JrsN/u3euZVRfho0JvzK7dYI8oVOv4Rsf0sS YGDAr8aCdys9+V5lyAKIQ0rgtBTLaddmsRuvfnKIcUTbfQB/V8LcV3cF6mjGYtBzEMSn TMZQ==
X-Gm-Message-State: AODbwcDMJiOqunYGpGlnI7xcLcUtD2Pw6Eing901pzmCtb3ojssiU5S6 ZO4Ix62gPSuVv6lnorPkm+6SlTkVMzSRxpM=
X-Received: by 10.84.248.73 with SMTP id e9mr21901611pln.76.1494269706348; Mon, 08 May 2017 11:55:06 -0700 (PDT)
MIME-Version: 1.0
References: <149073663013.1172.4888065212435317707.idtracker@ietfa.amsl.com> <051401d2a80b$e9bdea90$bd39bfb0$@augustcellars.com> <CAFewVt6-0WSqmwD7xVvKWDg3P9vNpFZDqB-n61hiU9qQp1c2cw@mail.gmail.com> <006d01d2c194$0e99b280$2bcd1780$@augustcellars.com> <CAFewVt4Lj7DMuVszGD6eht-3CJY6twaOao4J6KBTq4mTnYVFUQ@mail.gmail.com> <CAF8qwaCSVLJZMfy1eZ4hF4B3TUZyEdrL3VkkeiQ6TT=5mawUNg@mail.gmail.com> <007001d2c820$6fc202a0$4f4607e0$@augustcellars.com> <CAF8qwaBHv3fYVs0DBGsEijJF2w+uo7iqTqy3stXhFasp9zRQPw@mail.gmail.com> <CAFewVt4rH3B0h0qcH+UQc6vE3G+7K2CYTgx_dLqqSeeOcHLC7g@mail.gmail.com>
In-Reply-To: <CAFewVt4rH3B0h0qcH+UQc6vE3G+7K2CYTgx_dLqqSeeOcHLC7g@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Mon, 08 May 2017 18:54:54 +0000
Message-ID: <CAF8qwaCaCsQY_TxbH3qCxfQghdb7sn-uoD31BPUP9T-W2pgiYw@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: Jim Schaad <ietf@augustcellars.com>, curdle <curdle@ietf.org>
Content-Type: multipart/alternative; boundary="f403045fc4880befb1054f07c718"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/bc0CTmhNJNrRHltI7A9ZTT6sycM>
Subject: Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 May 2017 18:55:08 -0000

On Mon, May 8, 2017 at 2:46 PM Brian Smith <brian@briansmith.org> wrote:

> On David Benjamin <davidben@chromium.org> wrote:
> > - When serializing without publicKey, serializing code SHOULD use v1
> > (PrivateKeyInfo). v2 (OneAsymmetricKey) would also work, but this will be
> > less compatible.
>
> RFC 5958 says:
> > version identifies the version of OneAsymmetricKey.  If publicKey
> > is present, then version is set to v2 else version is set to v1.
>
> This means if the publicKey is present, version MUST be v2. When
> publicKey is absent, version MUST be v1. (This is what we want, for
> interop with older implementations.)
>

Ah, I'd missed that. Yeah, being tighter's even better.


> > - When parsing and the version is v2, parse as OneAsymmetricKey. When
> > parsing as OneAsymmetricKey, one MUST ignore trailing fields after the
> > OPTIONAL publicKey.
>
> I would rather not ignore trailing fields after publicKey.
>

Just to clarify, my comment was intended as a proposed concrete version of
what Jim was saying. I am also fine with (and probably prefer) your version
where we punt the X.680-level extensibility. But I also don't care much and
just want there to be *some* concrete interpretation. :-)


> > - When parsing and the version is anything else, reject. This is some
> > invalid thing.
>
> Yep, I agree.
>
> Cheers,
> Brian
> --
> https://briansmith.org/
>