Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt
David Benjamin <davidben@chromium.org> Mon, 01 May 2017 16:17 UTC
Return-Path: <davidben@google.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DA461294F8 for <curdle@ietfa.amsl.com>; Mon, 1 May 2017 09:17:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MBx9aCJYu8ZC for <curdle@ietfa.amsl.com>; Mon, 1 May 2017 09:17:20 -0700 (PDT)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com [IPv6:2607:f8b0:400e:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36B2812D0C3 for <curdle@ietf.org>; Mon, 1 May 2017 09:15:10 -0700 (PDT)
Received: by mail-pf0-x22e.google.com with SMTP id v14so76368234pfd.2 for <curdle@ietf.org>; Mon, 01 May 2017 09:15:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oUJ6hWxRNSfmk+2dZRywanYQW7Yuju8TzcMdP6X57mg=; b=ALnuv9/4ctYMym2yzZxQZF4AhLVElrP4+WwwuTIJfSv2+a4JZCkyLXA0fN5/gnXhMj 4ocaSpZjsLRLEta5ic4H85/r7EcIOKXNs+eYP3GNC/6y2vxI8Sr1IwisrWVhpLlL/Isb Dk4A9aD0o5qZuq9nJnzoR2ab0TpThYbLX6qQ0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oUJ6hWxRNSfmk+2dZRywanYQW7Yuju8TzcMdP6X57mg=; b=M5KfUxal4f6ofJ3Mu9TAjzjqaHfZwnDivTl/Si8R1/xWVqGKZK4AI+dNKYog/eNmYC HGM1jkyfZzcVyqs+1dAV+K6aXJJ5Rur5Fzi5cdZBUay4tU5JmT1HQBZ2C4/MO5NFiiWq avpXCwfv4U5OLHPzkWlYA1nz11bpD4kUS0Hslxwdjadvu7MMZAIlgQFkzrtgOq3U/Sxr iqOkETBoepbaKjLH/rEuAdD3J7USZbzIlB+9CG6nmOs+/SMqQxdcvdtDki4WNrOP0MIq d32yG4+lC1onU6fYBVbxf3g7Vx5NIflAEFJh8NpsEI5Zb/dz5ksESILbqY8djLty/pOe kl/w==
X-Gm-Message-State: AN3rC/6XXRVNF/ssAVecq389mkxjlAoRmnW0XRjQZTGleNTcCzuYTLV4 Wpwk+CiG65SA1eSu0hLtpx+g+1a3376o
X-Received: by 10.84.142.133 with SMTP id 5mr35249297plx.52.1493655309728; Mon, 01 May 2017 09:15:09 -0700 (PDT)
MIME-Version: 1.0
References: <149073663013.1172.4888065212435317707.idtracker@ietfa.amsl.com> <051401d2a80b$e9bdea90$bd39bfb0$@augustcellars.com> <CAFewVt6-0WSqmwD7xVvKWDg3P9vNpFZDqB-n61hiU9qQp1c2cw@mail.gmail.com> <006d01d2c194$0e99b280$2bcd1780$@augustcellars.com> <CAFewVt4Lj7DMuVszGD6eht-3CJY6twaOao4J6KBTq4mTnYVFUQ@mail.gmail.com>
In-Reply-To: <CAFewVt4Lj7DMuVszGD6eht-3CJY6twaOao4J6KBTq4mTnYVFUQ@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Mon, 01 May 2017 16:14:58 +0000
Message-ID: <CAF8qwaCSVLJZMfy1eZ4hF4B3TUZyEdrL3VkkeiQ6TT=5mawUNg@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>, Jim Schaad <ietf@augustcellars.com>
Cc: curdle <curdle@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c11ac2a278ace054e78bac7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/mDmybmrxHQnlQlVDkxpSPxGc_Fk>
Subject: Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 May 2017 16:17:22 -0000
On Sun, Apr 30, 2017 at 8:17 PM Brian Smith <brian@briansmith.org> wrote: > Jim Schaad <ietf@augustcellars.com> wrote: > > It is not always possible to detect corruption when you store in an > unencrypted form. > > What kind of corruption would we not be able to detect? It is possible > that somehow the private key could get corrupted and that there could > be a corresponding corruption to the public key such that they match > again, but this seems extremely unlikely unless somebody simply > replaced the key pair with another key pair. > > > It would also not be possible to know if it was the private key or the > public key that has been corrupted, just that the two values do not match. > > This is the case with any kind of cryptographic check, including HMAC > or whatnot. > (Not that it matters, but, to that end, would detecting corruption not be just as easily served by stashing a checksum somewhere? If not external to the serialization, there is already that attributes field.) > > > However, unless this is documented in the draft one way or > > another as a MUST accept or a MUST NOT generate, I think > > it will be an interop nightmare. In particular, we should avoid > > the situation where some implementations produce v2 keys > > so they can add the publicKey field, and where other > > implementations reject v2 keys because they only parse v1, > > where the publicKey field isn't allowed. > > > > I have not heard that this is an issue today with DH keys. This > > makes me think that this is not going to be a big issue. I expect > > that most implementations would all for parsing v2 keys even if > > they then ignore the public key field. > > If that's the expectation then let's enshrine that in the spec by > saying that implementations MUST accept v2 keys for these types of > keys. > > In particular, I have seen PKCS#8 implementations that reject any v2 > PKCS#8 file instead of ignoring the extra fields. > As the author of one such PKCS#8 implementation, I'd simply missed that v2 PKCS#8 existed. Happy to add support (by way of ignoring the field probably, yeah). Lacking any useful text about what to do, I interpreted the version field to be analogous to RSAPrivateKey, another PKCS spec. There, an RFC 2437 implementation that attempted to be forwards-compatible (by accepting unknown versions and ignoring appended fields) would have been confused come RFC 3447, which decided v1 meant a semantically-incompatible otherPrimeInfos field. RFC 5958 continues this. It does use ASN.1 extension markers, but X.680 merely says "The action that is taken in each situation is determined by the ASN.1 specifier", and RFC 5958 does not appear to say anything. Is the intent that OneAsymmetricKey parsers accept a hypothetical v3 with further appended fields, or should they reject those to allow for RFC-3447-like changes? If so, how do they handle the version <=> extra field correspondence? A numerical comparison? Assume all unknown values are newer? The version number used in the ASN.1 tags corresponds to the symbolic name of the version constants, rather than the numerical value, so it's not obvious whether, say, defining v3(-1) would be acceptable. David
- Re: [Curdle] FW: New Version Notification for dra… Mehner, Carl
- Re: [Curdle] FW: New Version Notification for dra… Russ Housley
- [Curdle] FW: New Version Notification for draft-i… Jim Schaad
- Re: [Curdle] FW: New Version Notification for dra… Daniel Migault
- Re: [Curdle] New Version Notification for draft-i… David Schinazi
- Re: [Curdle] New Version Notification for draft-i… Tommy Pauly
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… Jim Schaad
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… David Benjamin
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… Ilari Liusvaara
- Re: [Curdle] FW: New Version Notification for dra… Jim Schaad
- Re: [Curdle] FW: New Version Notification for dra… David Benjamin
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… David Benjamin
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… Jim Schaad
- Re: [Curdle] New Version Notification for draft-i… Russ Housley
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith
- Re: [Curdle] FW: New Version Notification for dra… David Benjamin
- Re: [Curdle] FW: New Version Notification for dra… Jim Schaad
- Re: [Curdle] FW: New Version Notification for dra… Brian Smith