Re: [Curdle] [Technical Errata Reported] RFC8080 (4935)
Ondřej Surý <ondrej.sury@nic.cz> Thu, 16 February 2017 11:11 UTC
Date: Thu, 16 Feb 2017 12:11:07 +0100
From: Ondřej Surý <ondrej.sury@nic.cz>
To: rfc-editor <rfc-editor@rfc-editor.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/pstMJ3EI6YcvSoY-s4J2k6cs1cs>
Cc: Daniel Migault <daniel.migault@ericsson.com>, Rich Salz <rsalz@akamai.com>, text/plain@rfc-editor.org, curdle <curdle@ietf.org>, charset=UTF-8@rfc-editor.org, Kathleen Moriarty ietf <Kathleen.Moriarty.ietf@gmail.com>, me+ietf@tomthorogood.co.uk, edmonds <edmonds@mycre.ws>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
I have fixed the mentioned bugs in my dnskey.py and I can confirm the erratum is correct.

Cheers,
Ondrej
--
 Ondřej Surý -- Technical Fellow
 --------------------------------------------
 CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
 Milesovska 5, 130 00 Praha 3, Czech Republic
 mailto:ondrej.sury@nic.cz https://nic.cz/
 --------------------------------------------

----- Original Message -----
> From: "rfc-editor" <rfc-editor@rfc-editor.org>
> To: "Ondřej Surý" <ondrej.sury@nic.cz>, "edmonds" <edmonds@mycre.ws>, "Stephen Farrell" <stephen.farrell@cs.tcd.ie>,
> "Kathleen Moriarty ietf" <Kathleen.Moriarty.ietf@gmail.com>, "Daniel Migault" <daniel.migault@ericsson.com>, "Rich
> Salz" <rsalz@akamai.com>
> Cc: me+ietf@tomthorogood.co.uk, "curdle" <curdle@ietf.org>, text/plain@rfc-editor.org, charset=UTF-8@rfc-editor.org
> Sent: Thursday, 16 February, 2017 07:54:20
> Subject: [Technical Errata Reported] RFC8080 (4935)

> The following errata report has been submitted for RFC8080,
> "Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC".
>
> --------------------------------------
> You may review the report below and at:
> http://www.rfc-editor.org/errata_search.php?rfc=8080&eid=4935
>
> --------------------------------------
> Type: Technical
> Reported by: Tom Thorogood <me+ietf@tomthorogood.co.uk>
>
> Section: 6
>
> Original Text
> -------------
> 6. Examples
>
> 6.1. Ed25519 Examples
>
> Private-key-format: v1.2
> Algorithm: 15 (ED25519)
> PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=
>
> example.com. 3600 IN DNSKEY 257 3 15 (
>              l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4= )
>
> example.com. 3600 IN DS 3613 15 2 (
>              3aa5ab37efce57f737fc1627013fee07bdf241bd10f3b1964ab55c78e79
>              a304b )
>
> example.com. 3600 IN MX 10 mail.example.com.
>
> example.com. 3600 IN RRSIG MX 3 3600 (
>              1440021600 1438207200 3613 example.com. (
>              Edk+IB9KNNWg0HAjm7FazXyrd5m3Rk8zNZbvNpAcM+eysqcUOMIjWoevFkj
>              H5GaMWeG96GUVZu6ECKOQmemHDg== )
>
>
> Sury & Edmonds Standards Track [Page 3]
>
> RFC 8080 EdDSA for DNSSEC February 2017
>
>
> Private-key-format: v1.2
> Algorithm: 15 (ED25519)
> PrivateKey: DSSF3o0s0f+ElWzj9E/Osxw8hLpk55chkmx0LYN5WiY=
>
> example.com. 3600 IN DNSKEY 257 3 15 (
>              zPnZ/QwEe7S8C5SPz2OfS5RR40ATk2/rYnE9xHIEijs= )
>
> example.com. 3600 IN DS 35217 15 2 (
>              401781b934e392de492ec77ae2e15d70f6575a1c0bc59c5275c04ebe80c
>              6614c )
>
> example.com. 3600 IN MX 10 mail.example.com.
>
> example.com. 3600 IN RRSIG MX 3 3600 (
>              1440021600 1438207200 35217 example.com. (
>              5LL2obmzdqjWI+Xto5eP5adXt/T5tMhasWvwcyW4L3SzfcRawOle9bodhC+
>              oip9ayUGjY9T/rL4rN3bOuESGDA== )
>
> 6.2. Ed448 Examples
>
> Private-key-format: v1.2
> Algorithm: 16 (ED448)
> PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x
>             8wWbDDct/U3FhYWA
>
> example.com. 3600 IN DNSKEY 257 3 16 (
>              3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx
>              1FYYUcJKm1MDpJtIA )
>
> example.com. 3600 IN DS 9713 16 2 (
>              6ccf18d5bc5d7fc2fceb1d59d17321402f2aa8d368048db93dd811f5cb2
>              b19c7 )
>
> example.com. 3600 IN MX 10 mail.example.com.
>
> example.com. 3600 IN RRSIG MX 3 3600 (
>              1440021600 1438207200 9713 example.com. (
>              Nmc0rgGKpr3GKYXcB1JmqqS4NYwhmechvJTqVzt3jR+Qy/lSLFoIk1L+9e3
>              9GPL+5tVzDPN3f9kAwiu8KCuPPjtl227ayaCZtRKZuJax7n9NuYlZJIusX0
>              SOIOKBGzG+yWYtz1/jjbzl5GGkWvREUCUA )
>
>
> Sury & Edmonds Standards Track [Page 4]
>
> RFC 8080 EdDSA for DNSSEC February 2017
>
>
> Private-key-format: v1.2
> Algorithm: 16 (ED448)
> PrivateKey: WEykD3ht3MHkU8iH4uVOLz8JLwtRBSqiBoM6fF72+Mrp/u5gjxuB1DV6NnPO
>             2BlZdz4hdSTkOdOA
>
> example.com. 3600 IN DNSKEY 257 3 16 (
>              kkreGWoccSDmUBGAe7+zsbG6ZAFQp+syPmYUurBRQc3tDjeMCJcVMRDmgcN
>              Lp5HlHAMy12VoISsA )
>
> example.com. 3600 IN DS 38353 16 2 (
>              645ff078b3568f5852b70cb60e8e696cc77b75bfaaffc118cf79cbda1ba
>              28af4 )
>
> example.com. 3600 IN MX 10 mail.example.com.
>
> example.com. 3600 IN RRSIG MX 3 3600 (
>              1440021600 1438207200 38353 example.com. (
>              +JjANio/LIzp7osmMYE5XD3H/YES8kXs5Vb9H8MjPS8OAGZMD37+LsCIcjg
>              5ivt0d4Om/UaqETEAsJjaYe56CEQP5lhRWuD2ivBqE0zfwJTyp4WqvpULbp
>              vaukswvv/WNEFxzEYQEIm9+xDlXj4pMAMA )
>
> Corrected Text
> --------------
> 6. Examples
>
> 6.1. Ed25519 Examples
>
> Private-key-format: v1.2
> Algorithm: 15 (ED25519)
> PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=
>
> example.com. 3600 IN DNSKEY 257 3 15 (
>              l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4= )
>
> example.com. 3600 IN DS 3613 15 2 (
>              3aa5ab37efce57f737fc1627013fee07bdf241bd10f3b1964ab55c78e79
>              a304b )
>
> example.com. 3600 IN MX 10 mail.example.com.
>
> example.com. 3600 IN RRSIG MX 15 2 3600 (
>              1440021600 1438207200 3613 example.com. (
>              oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jPGrHpjQeRAvTdszaPD+QLs3f
>              x8A4M3e23mRZ9VrbpMngwcrqNAg== )
>
>
> Sury & Edmonds Standards Track [Page 3]
>
> RFC 8080 EdDSA for DNSSEC February 2017
>
>
> Private-key-format: v1.2
> Algorithm: 15 (ED25519)
> PrivateKey: DSSF3o0s0f+ElWzj9E/Osxw8hLpk55chkmx0LYN5WiY=
>
> example.com. 3600 IN DNSKEY 257 3 15 (
>              zPnZ/QwEe7S8C5SPz2OfS5RR40ATk2/rYnE9xHIEijs= )
>
> example.com. 3600 IN DS 35217 15 2 (
>              401781b934e392de492ec77ae2e15d70f6575a1c0bc59c5275c04ebe80c
>              6614c )
>
> example.com. 3600 IN MX 10 mail.example.com.
>
> example.com. 3600 IN RRSIG MX 15 2 3600 (
>              1440021600 1438207200 35217 example.com. (
>              zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVioYZXFdT410QPRITQSqJSnzQ
>              oSm5poJ7gD7AQR0O7KuI5k2pcBg== )
>
> 6.2. Ed448 Examples
>
> Private-key-format: v1.2
> Algorithm: 16 (ED448)
> PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x
>             8wWbDDct/U3FhYWA
>
> example.com. 3600 IN DNSKEY 257 3 16 (
>              3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx
>              1FYYUcJKm1MDpJtIA )
>
> example.com. 3600 IN DS 9713 16 2 (
>              6ccf18d5bc5d7fc2fceb1d59d17321402f2aa8d368048db93dd811f5cb2
>              b19c7 )
>
> example.com. 3600 IN MX 10 mail.example.com.
>
> example.com. 3600 IN RRSIG MX 16 2 3600 (
>              1440021600 1438207200 9713 example.com. (
>              3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLmjInI8w1CMB29FkEAIJUA0am
>              xWndkmnBZ6SKiwZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQvE581N3Aj/
>              JtIyaiYVdnYtyMWbSNyGEY2213WKsJlwEA )
>
>
> Sury & Edmonds Standards Track [Page 4]
>
> RFC 8080 EdDSA for DNSSEC February 2017
>
>
> Private-key-format: v1.2
> Algorithm: 16 (ED448)
> PrivateKey: WEykD3ht3MHkU8iH4uVOLz8JLwtRBSqiBoM6fF72+Mrp/u5gjxuB1DV6NnPO
>             2BlZdz4hdSTkOdOA
>
> example.com. 3600 IN DNSKEY 257 3 16 (
>              kkreGWoccSDmUBGAe7+zsbG6ZAFQp+syPmYUurBRQc3tDjeMCJcVMRDmgcN
>              Lp5HlHAMy12VoISsA )
>
> example.com. 3600 IN DS 38353 16 2 (
>              645ff078b3568f5852b70cb60e8e696cc77b75bfaaffc118cf79cbda1ba
>              28af4 )
>
> example.com. 3600 IN MX 10 mail.example.com.
>
> example.com. 3600 IN RRSIG MX 16 2 3600 (
>              1440021600 1438207200 38353 example.com. (
>              E1/oLjSGIbmLny/4fcgM1z4oL6aqo+izT3urCyHyvEp4Sp8Syg1eI+lJ57C
>              SnZqjJP41O/9l4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICUSxv5OWbf81
>              Rq7Yu60npabODB0QFPb/rkW3kUZmQ0YQUA )
>
> Notes
> -----
> The script used to generate the examples (see
> https://gitlab.labs.nic.cz/labs/ietf/blob/master/dnskey.py) contains two errors
> that make the RRSIG records in the example section invalid.
> 1. The script fails to print the algorithm identifier (15 & 16, TBD1 & TBD2 in
> earlier drafts) for RRSIGs, and
> 2. the implementation of label counting includes the root zone as a label,
> giving an incorrect count of 3 rather than 2.
>
> The first bug is more cosmetic but does result in unparsable RRSIG records,
> while the second bug causes invalid signatures to be produced.
>
> With these two bugs corrected (and no other changes) the script produces valid
> examples which are included in the correction above. They have been
> successfully tested with an independent implementation of RFC 8080 based on
> https://github.com/miekg/dns & https://godoc.org/golang.org/x/crypto/ed25519 .
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> can log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC8080 (draft-ietf-curdle-dnskey-eddsa-03)
> --------------------------------------
> Title : Edwards-Curve Digital Security Algorithm (EdDSA) for
> DNSSEC
> Publication Date : February 2017
> Author(s) : O. Sury, R. Edmonds
> Category : PROPOSED STANDARD
> Source : CURves, Deprecating and a Little more Encryption
> Area : Security
> Stream : IETF
> Verifying Party : IESG
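
The two RRSIG fields the erratum's notes discuss can be checked mechanically. The sketch below is an added example, not part of the message and not code from dnskey.py: the function names are hypothetical, the ORIGINAL and CORRECTED records are the first Ed25519 RRSIG from the quoted report, and ROOT_COUNTED is a constructed variant that prints the algorithm but still carries the label count of 3.

```python
# Added example (not dnskey.py): checks the two RRSIG fields the erratum covers.

def count_labels(owner):
    """RRSIG Labels value per RFC 4034 section 3.1.3: the root label and a
    leading "*" label are not counted. Assumes no escaped dots in the name."""
    labels = [part for part in owner.rstrip(".").split(".") if part]
    if labels and labels[0] == "*":
        labels = labels[1:]
    return len(labels)

def count_labels_with_root(owner):
    """The failure mode from the erratum: the empty root label after the
    trailing dot is counted too (illustration, not the script's code)."""
    return len(owner.split("."))

def check_rrsig(record, dnskey_alg):
    """Return a list of problems found in one presentation-format RRSIG."""
    tokens = record.replace("(", " ").replace(")", " ").split()
    owner, rdata = tokens[0], tokens[tokens.index("RRSIG") + 1:]
    try:
        # After the type covered: algorithm, labels, original TTL, expiration,
        # inception and key tag (all numeric here), then the signer's name.
        alg, labels, _ttl, _exp, _inc, _tag = (int(x) for x in rdata[1:7])
    except ValueError:
        return ["unparsable: a numeric RDATA field is missing before the signer name"]
    problems = []
    if alg != dnskey_alg:
        problems.append(f"algorithm {alg} does not match DNSKEY algorithm {dnskey_alg}")
    if labels > count_labels(owner):
        problems.append(f"labels {labels} exceeds the {count_labels(owner)} labels in {owner}")
    return problems

# RRSIG records copied from the "Original Text" and "Corrected Text" above.
ORIGINAL = """example.com. 3600 IN RRSIG MX 3 3600 (
    1440021600 1438207200 3613 example.com. (
    Edk+IB9KNNWg0HAjm7FazXyrd5m3Rk8zNZbvNpAcM+eysqcUOMIjWoevFkj
    H5GaMWeG96GUVZu6ECKOQmemHDg== )"""
CORRECTED = """example.com. 3600 IN RRSIG MX 15 2 3600 (
    1440021600 1438207200 3613 example.com. (
    oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jPGrHpjQeRAvTdszaPD+QLs3f
    x8A4M3e23mRZ9VrbpMngwcrqNAg== )"""
# Constructed sample: algorithm printed, labels still counting the root label.
ROOT_COUNTED = CORRECTED.replace("MX 15 2 3600", "MX 15 3 3600")

if __name__ == "__main__":
    samples = [("original", ORIGINAL), ("corrected", CORRECTED), ("root counted", ROOT_COUNTED)]
    for name, rec in samples:
        print(name, check_rrsig(rec, 15) or "ok")
```

The Labels value is part of the RRSIG RDATA that is signed, so a record with the wrong count also carries a signature computed over the wrong data; this check only inspects the fields and does not verify the Ed25519 signature itself.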