Re: [Curdle] New Version Notification for draft-mtis-lamps-8410-ku-clarifications-00.txt
Sean Turner <sean@sn3rd.com> Fri, 14 January 2022 04:07 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F30CB3A18F5 for <curdle@ietfa.amsl.com>; Thu, 13 Jan 2022 20:07:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hAG_96f_U-xB for <curdle@ietfa.amsl.com>; Thu, 13 Jan 2022 20:07:42 -0800 (PST)
Received: from mail-qv1-xf2e.google.com (mail-qv1-xf2e.google.com [IPv6:2607:f8b0:4864:20::f2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D0A83A18F3 for <curdle@ietf.org>; Thu, 13 Jan 2022 20:07:34 -0800 (PST)
Received: by mail-qv1-xf2e.google.com with SMTP id bt14so3206656qvb.13 for <curdle@ietf.org>; Thu, 13 Jan 2022 20:07:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=hxlBiGUoNW0eRaS+uvxDXGExiEOMyvQ0bKgP2tSvUao=; b=UPhXCgAVuhH4QnlRibLsGpcyP9YR0HnsNIocAY6FiEKNfKEQ6ltysv6H0J0wnxYx1q Mcrc7HdnK1dVDDlwhw6sDq2NcYHvGVgqhtTHItlFQdj9f4EQ3wRL5ZuGiXSxlwtOj3o+ xomA3uPYEOTosFVHCC+cKkyppbPeoiI1oFfdI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=hxlBiGUoNW0eRaS+uvxDXGExiEOMyvQ0bKgP2tSvUao=; b=sXj/66MSoe4pehPTulJ0Wl8pUOWFfSiwuBKOv35bLZht59t5R0MoZ9tj6320PpZyRe CyXdWC9SUtoZMEfrWp/OmSZwJ8wHQvlHnjGH+I/0IPQ8BJMLpxw/io8dwwjklsNZgA8O 1eP+X6aIZHsKlRLaf8vTT9XpVxlDYOMbKNzga4BRqocSCUcgOVWAb3YgG+mcg7Dacs5p s3/jf+pNTaaahbRVw4jJGWtbau4J25+vtkmx2ffIJkDYfh9d1lPY/1paAewisIOAX4U6 SjyjWRYyQpKxL78XNTZsBo4h+DklnY5q7tOGNdU8iCL8gGyr4JZbobJXmtgmYnijwVeN dFEw==
X-Gm-Message-State: AOAM531ZBskNqFTdAOgLIR4qtt/LriElpPchpn3V+c0+srIn9bEcBTlk BeRrBn0zPjI5ByTxeq4b5cyPyA==
X-Google-Smtp-Source: ABdhPJw+yQD8bm+pmTU6qPnTYinrBNi5JuPs00BNwCq13PgnZI0Hw8zBiObYcGhiFA2ICU7Ijr3+xA==
X-Received: by 2002:a05:6214:62e:: with SMTP id a14mr6724607qvx.113.1642133253332; Thu, 13 Jan 2022 20:07:33 -0800 (PST)
Received: from smtpclient.apple (pool-71-178-177-131.washdc.fios.verizon.net. [71.178.177.131]) by smtp.gmail.com with ESMTPSA id t9sm3407115qtw.48.2022.01.13.20.07.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 13 Jan 2022 20:07:32 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <B025018C-0C0E-4B33-BA82-5DBA2099F7D1@vigilsec.com>
Date: Thu, 13 Jan 2022 23:07:31 -0500
Cc: LAMPS WG <spasm@ietf.org>, curdle@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <030E511F-0C57-4032-93B9-E0DC34DB57E9@sn3rd.com>
References: <164196813912.10423.12752056700321106986@ietfa.amsl.com> <1C866AE7-94AF-4FA1-95C1-76D2F64BED7B@sn3rd.com> <B025018C-0C0E-4B33-BA82-5DBA2099F7D1@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/k-V0rgAVDh8bS01bhSOtESuKukk>
Subject: Re: [Curdle] New Version Notification for draft-mtis-lamps-8410-ku-clarifications-00.txt
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jan 2022 04:07:47 -0000
It does, it’s just in the prose before the list:
If the keyUsage extension is present in a certification authority
certificate that indicates id-Ed25519 or id-Ed448 in
SubjectPublicKeyInfo, then the keyUsage extension MUST contain
-> keyCertSign, and zero, or more of the following:
spt
> On Jan 12, 2022, at 15:55, Russ Housley <housley@vigilsec.com> wrote:
>
> Sean:
>
> I think that id-Ed25519 or id-Ed448 need to allow keyCertSign as well. Otherwise, a CA could not use these signature algorithms.
>
> Russ
>
>
>> On Jan 12, 2022, at 2:59 PM, Sean Turner <sean@sn3rd.com> wrote:
>>
>> LAMPS,
>>
>> Hi! While Ito-san and I were working on RFC 8813 (nee draft-ietf-lamps-5480-ku-clarifications, nee draft-turner-5480-ku-clarifications), Daniel McCarney asked whether we should write the same kind of clarifications for RFC 8410 [1] (algorithm identifiers for Ed25519, Ed448, X25519, and X448 in certificates). I had a look and exchanged some emails with Simon and it seems like it would be good to make sure there were the same clarifications for the x25519 and x448 identifiers that we had for the other identifiers … so we produced this I-D.
>>
>> Note: I am forwarding this I-D to LAMPS for consideration and not curdle knowing that curdle is planning to close. I also alerted the chairs and am cc’ing curdle so nobody is surprised. As this is basically, a do-over of RFC 8410 I am hoping that adopting/progressing this I-D will be non-controversial.
>>
>> Cheers,
>> spt
>>
>> [1] https://datatracker.ietf.org/doc/rfc8410/
>>
>>> Begin forwarded message:
>>>
>>> From: internet-drafts@ietf.org
>>> Subject: New Version Notification for draft-mtis-lamps-8410-ku-clarifications-00.txt
>>> Date: January 12, 2022 at 01:15:39 EST
>>> To: "Daniel McCarney" <daniel@binaryparadox.net>, "Sean Turner" <sean@sn3rd.com>, "Simon Josefsson" <simon@josefsson.org>, "Tadahiko Ito" <tadahiko.ito.public@gmail.com>
>>>
>>>
>>> A new version of I-D, draft-mtis-lamps-8410-ku-clarifications-00.txt
>>> has been successfully submitted by Sean Turner and posted to the
>>> IETF repository.
>>>
>>> Name: draft-mtis-lamps-8410-ku-clarifications
>>> Revision: 00
>>> Title: Clarifications for Ed25519, Ed448, X25519, and X448 Algorithm Identifiers
>>> Document date: 2022-01-12
>>> Group: Individual Submission
>>> Pages: 6
>>> URL: https://www.ietf.org/archive/id/draft-mtis-lamps-8410-ku-clarifications-00.txt
>>> Status: https://datatracker.ietf.org/doc/draft-mtis-lamps-8410-ku-clarifications/
>>> Html: https://www.ietf.org/archive/id/draft-mtis-lamps-8410-ku-clarifications-00.html
>>> Htmlized: https://datatracker.ietf.org/doc/html/draft-mtis-lamps-8410-ku-clarifications
>>>
>>>
>>> Abstract:
>>> This document updates RFC 8410 to clarify existing and specify
>>> missing semantics for key usage bits when used in certificates that
>>> support the Ed25519, Ed448, X25519, and X448 Elliptic Curve
>>> Cryptography algorithms.
>>>
>>>
>>>
>>>
>>> The IETF Secretariat
>>>
>>>
>>
>> _______________________________________________
>> Curdle mailing list
>> Curdle@ietf.org
>> https://www.ietf.org/mailman/listinfo/curdle
>
- [Curdle] Fwd: New Version Notification for draft-… Sean Turner
- Re: [Curdle] New Version Notification for draft-m… Russ Housley
- Re: [Curdle] New Version Notification for draft-m… Sean Turner
- Re: [Curdle] New Version Notification for draft-m… Sean Turner