Re: [Curdle] draft-ietf-curdle-pkix-07 intended status

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 05 January 2018 19:20 UTC


On Fri, Jan 05, 2018 at 04:42:25PM +0000, Daniel Migault wrote:
> Thanks for the response. I updated the shepherd writeup with this information.

I think one might have summarized the information instead of just
pasting the (longish) post.


Maybe something like:

GnuTLS 3.6.1 supports Ed25519 private keys, certificate public keys
and keys and certificate signatures specified in this document.

Ilari has a TLS implementation that supports Ed25519 and Ed448
certificate public keys and certificate signatures specified in this
document. The totally independent implementation interoperates with
GnuTLS 3.6.1.



> -----Original Message-----
> From: ilariliusvaara@welho.com [mailto:ilariliusvaara@welho.com] 
> Sent: Friday, January 05, 2018 11:34 AM
> To: Daniel Migault <daniel.migault@ericsson.com>
> Cc: curdle@ietf.org
> Subject: Re: [Curdle] draft-ietf-curdle-pkix-07 intended status
> 
> On Tue, Jan 02, 2018 at 04:37:55PM +0000, Daniel Migault wrote:
> > Hi Ilari,
> > 
> > Thank you for the follow up. I just received a few days ago a 
> > notification to complete the "Document Quality" section in the 
> > shepherd writeup which requires a status on the implementations.
> > I sent a few hours ago a request to the co-authors of known 
> > implementations. If you are aware of such implementations, feel free 
> > to create a new project at [1].
> > 
> > You can also let us know on the mailing (with associated URLs) these 
> > projects so I can complete code stand as well as the shepherd writeup.  
> > I am happy to complete it today 😉
> > 
> > For the status you are correct but I believe it should not cause any issue. 
> 
> I do not have/know a full implementation, however I do have a partial implementation in the context of TLS:
> 
> - Ed25519/Ed448 PKIX public keys in certificates.
> - (Ed25519/Ed448 TLS exchange signatures -- covered by TLS docs)
> - Ed25519/Ed448 PKIX certificate signatures.
> 
> And GnuTLS 3.6.1 supports at least:
> 
> - Ed25519 PKIX private keys (at least v1)
> - Ed25519 PKIX public keys in certificates
> - (Ed25519 TLS exchange signatures -- covered by TLS docs)
> - Ed25519 PKIX certificate signatures.
> 
> 
> My implementation interoperates with GnuTLS 3.6.1 on TLS handshake with both Ed25519 server signature and certificate signature.
> 
> - Server: My implementation, all settings at defaults.
> - Client: GnuTLS 3.6, all settings at defaults except trustpile
>   replaced with custom one.
> - Certificate 0: EE, Ed25519 key, Ed25519 signature.
> - Certificate 1: CA, Ed25519 key, RSA-PSS-SHA256 signature.
> - Certificate 2: CA, RSAEncryption key, RSA-PKCS1-SHA256 signature.
> - Certificate 3: CA, RSAEncryption key, self-signed. [Not sent].
> - Negotiated TLS version: TLS 1.2 + RENEGO + EMS.
> 
> (The key exchange used is ECDHE_ECDSA for technical reasons, however, there is no actual ECDSA used anywhere).
> 
> 
> Client status at end of handshake:
> 
> - Description: (TLS1.2)-(ECDHE-X25519)-(EdDSA-Ed25519)-(CHACHA20-POLY1305)
> - Session ID: (empty)
> - Ephemeral EC Diffie-Hellman parameters
>  - Using curve: X25519
>  - Curve size: 256 bits
> - Version: TLS1.2
> - Key Exchange: ECDHE-ECDSA
> - Server Signature: EdDSA-Ed25519
> - Cipher: CHACHA20-POLY1305
> - MAC: AEAD
> - Options: extended master secret, safe renegotiation,
> - Handshake was completed
> 
> 
> Server status at end of handshake:
> 
> 
> Handshake complete, crypto parameters:
>  - TLS version:              1.2
>  - Encryption:               Chacha20-Poly1305
>  - PRF:                      SHA-256
>  - Key Exchange:             X25519
>  - Server Signature:         Ed25519
>  - Triple Handshake attack:  Fixed
>  - OCSP stapling:            No
>  - Certificate Transparency: No
> 
> 
> -Ilari