Re: [Curdle] [Editorial Errata Reported] RFC8410 (5709)
Jim Schaad <ietf@augustcellars.com> Sat, 04 May 2019 04:36 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56355120393 for <curdle@ietfa.amsl.com>; Fri, 3 May 2019 21:36:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cgHkNwX-CQjB for <curdle@ietfa.amsl.com>; Fri, 3 May 2019 21:36:46 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37F3D120394 for <curdle@ietf.org>; Fri, 3 May 2019 21:36:46 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 3 May 2019 21:36:36 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'RFC Errata System' <rfc-editor@rfc-editor.org>, simon@josefsson.org, rdd@cert.org, kaduk@mit.edu, daniel.migault@ericsson.com, rsalz@akamai.com
CC: lijun.liao@gmail.com, curdle@ietf.org
References: <20190429123629.DE193B81EB8@rfc-editor.org>
In-Reply-To: <20190429123629.DE193B81EB8@rfc-editor.org>
Date: Fri, 03 May 2019 21:36:32 -0700
Message-ID: <01f301d50232$f55e8390$e01b8ab0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AQHVaTHQM8kheeGAm/lgcXotd70r2KZZkyLA
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/stu6IGyN9WZlyqOKOVavn0UniEY>
Subject: Re: [Curdle] [Editorial Errata Reported] RFC8410 (5709)
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 May 2019 04:36:49 -0000
This is not a correct errata and I would label it as rejected. The certificate is a self-issued certificate not a self-signed certificate. Given that the algorithm for the key is "ECDH 25519 key agreement" it could not be used for signing. > -----Original Message----- > From: RFC Errata System <rfc-editor@rfc-editor.org> > Sent: Monday, April 29, 2019 5:36 AM > To: simon@josefsson.org; ietf@augustcellars.com; rdd@cert.org; > kaduk@mit.edu; daniel.migault@ericsson.com; rsalz@akamai.com > Cc: lijun.liao@gmail.com; curdle@ietf.org; rfc-editor@rfc-editor.org > Subject: [Editorial Errata Reported] RFC8410 (5709) > > The following errata report has been submitted for RFC8410, "Algorithm > Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 > Public Key Infrastructure". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata/eid5709 > > -------------------------------------- > Type: Editorial > Reported by: Lijun Liao <lijun.liao@gmail.com> > > Section: 10.2 > > Original Text > ------------- > - > > Corrected Text > -------------- > - > > Notes > ----- > The example certificate is a self-signed certificate containing X25519 public > key. Unlike standard EC public key, the public key for key exchange is NOT > the same as the one for digital signature in curve25519. That means, for the > same private key, the public keys for X25519 and for Ed25519 are different. > As a result, the public key in the self-signed certificate can NOT be used to > verify the signature. In this context, please replace the example certificate by > one containing the Ed25519 public key. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please use > "Reply All" to discuss whether it should be verified or rejected. When a > decision is reached, the verifying party can log in to change the status and > edit the report, if necessary. > > -------------------------------------- > RFC8410 (draft-ietf-curdle-pkix-10) > -------------------------------------- > Title : Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for > Use in the Internet X.509 Public Key Infrastructure > Publication Date : August 2018 > Author(s) : S. Josefsson, J. Schaad > Category : PROPOSED STANDARD > Source : CURves, Deprecating and a Little more Encryption > Area : Security > Stream : IETF > Verifying Party : IESG
- [Curdle] [Editorial Errata Reported] RFC8410 (570… RFC Errata System
- Re: [Curdle] [Editorial Errata Reported] RFC8410 … Jim Schaad