Re: [Curdle] draft-ietf-curdle-pkix-00: a simplification proposal

Erwann Abalea <Erwann.Abalea@docusign.com> Fri, 22 July 2016 18:47 UTC

From: Erwann Abalea <Erwann.Abalea@docusign.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Date: Fri, 22 Jul 2016 18:47:43 +0000
Message-ID: <7C22F8A6-88C0-469F-8D4F-BCBF11922B11@docusign.com>
References: <1463647224.3558.14.camel@redhat.com> <CAF8qwaAW8FJ2zt=7fEg=aYmGSbLyMFWU=4kgRCHBMk-vC_QJFQ@mail.gmail.com> <CADZyTkn1uxWMaJ2J7OMr6dJckvH1Ynzq3NZu6tSbBDR80Qgf9A@mail.gmail.com> <1553247361.41476124.1465542998520.JavaMail.zimbra@redhat.com> <015201d1caa9$ce55ac60$6b010520$@augustcellars.com> <CAF8qwaByGGP-GAUFUPjLQfhyZGbxn3UPK4BdQNNmRkYHAOR9Mg@mail.gmail.com> <2DD56D786E600F45AC6BDE7DA4E8A8C117F26424@eusaamb107.ericsson.se> <alpine.GSO.1.10.1606252348160.18480@multics.mit.edu> <20160722113642.GA24793@LK-Perkele-V2.elisa-laajakaista.fi> <6F0EA612-DB5F-43A4-899C-36C2956B5D3F@docusign.com> <20160722181825.GA26572@LK-Perkele-V2.elisa-laajakaista.fi>
In-Reply-To: <20160722181825.GA26572@LK-Perkele-V2.elisa-laajakaista.fi>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/tsfUYJsoUD89e0Tl3I6HKlhY_Js>
Cc: "curdle@ietf.org" <curdle@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>

Good evening,

> On 22 July 2016 at 20:18, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> 
> On Fri, Jul 22, 2016 at 06:00:11PM +0000, Erwann Abalea wrote:
>> Hello,
>> 
>> Hex dump of DER encoded thing isn’t nice.
>> 
>> 
>> Using ASN.1 and RFC5912 modules:
>> 
>> -- We need to contact Thawte Consulting, or Verisign, or whoever now
>> owns the 1.3.101 OID arc, as OID hijacking is not allowed.
> 
> 1.3.101.100 was used in the IETF -00 draft. I think I heard it got
> allocated for EdDSA.

I haven’t found an authoritative source for this.
It’s not the first time: 1.3.6 belongs to DoD, but 1.3.6.1 was "self-allocated" in RFC1065.

>> id-EdDSASignatureAlgorithm OBJECT IDENTIFIER ::= { iso(1)
>> identified-organization(3) thawte(101) 101 }
> 
> LAMPS recommendation was to use the same identifiers for signatures
> and for keys.

That’s what I read later. You can either keep the name but reuse the OID, or remove the id-sa-* OIDs and change the sa-* algorithms to use the id-pk-Ed* OIDs.

>> id-EdXKeyAgreementAlgorithm OBJECT IDENTIFIER ::= { iso(1)
>> identified-organization(3) thawte(101) 102 }
> 
> I don't know what 1.3.101.102 is…

That’s why there’s a commentary saying it needs to be discussed.
sa-Ed* make use of the pk-Ed* keys.
There’s no defined use of pk-X* keys, and they’re used for key agreement.

Since, in the message I replied to, you proposed the following DER-encoded sigalg:
30 06 06 04 2B 65 64/65 01       Ed25519
It seemed you wanted to use 1.3.101.101 for signature algorithms, so I expanded to 1.3.101.102 for key agreement algorithms.
But again, it’s a subject of discussion.

> And besides, I have heard requests for a way of encoding X25519/X448 key
> as X.509 SPKI.

The proposed module does just that…

It’s not mandatory to have an ASN.1 encoded value in the BIT STRING, but if you want to define one, feel free.
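The thread argues over a hex dump ("30 06 06 04 2B 65 64/65 01") versus ASN.1 notation, and over which arcs under 1.3.101 the identifiers should sit on. The following is an added example, not code from either correspondent or from the curdle draft: a small, standard-library-only DER encoder/decoder for OBJECT IDENTIFIER and the X.509 AlgorithmIdentifier SEQUENCE, so that a hex dump like the one above can be read back as a dotted OID and the candidate OIDs written out as bytes. It also uses the values RFC 8410 eventually assigned (1.3.101.112 for Ed25519, 1.3.101.110 for X25519), which post-date this message; everything else (the function names, the sample inputs) is constructed for the example.

```python
# Added example (not from the thread): DER encoding and decoding of
# OBJECT IDENTIFIER and the X.509 AlgorithmIdentifier SEQUENCE.
from typing import Optional, Tuple


def _encode_length(n: int) -> bytes:
    """DER definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _decode_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (length, position just after the length octets)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:           # indefinite or absurdly long: not DER we accept
        raise ValueError("unsupported DER length encoding")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID (e.g. '1.3.101.100') as a complete OID TLV."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"not a valid OID: {dotted}")
    content = bytearray()
    # First two arcs are folded into one sub-identifier: 40 * arc1 + arc2.
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        # Base-128, big-endian, continuation bit set on every octet but the last.
        groups = [sub & 0x7F]
        sub >>= 7
        while sub:
            groups.append(0x80 | (sub & 0x7F))
            sub >>= 7
        content.extend(reversed(groups))
    return b"\x06" + _encode_length(len(content)) + bytes(content)


def decode_oid(buf: bytes, pos: int = 0) -> Tuple[str, int]:
    """Decode one OBJECT IDENTIFIER TLV at pos; return (dotted OID, next pos)."""
    if buf[pos] != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER tag 0x06")
    length, pos = _decode_length(buf, pos + 1)
    end = pos + length
    if length == 0 or end > len(buf):
        raise ValueError("bad OID length")
    if buf[end - 1] & 0x80:
        raise ValueError("truncated sub-identifier")
    subids, value = [], 0
    for b in buf[pos:end]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(value)
            value = 0
    first = subids[0]
    if first < 40:
        arcs = [0, first]
    elif first < 80:
        arcs = [1, first - 40]
    else:
        arcs = [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:]), end


def encode_algorithm_identifier(oid: str, params: Optional[bytes] = None) -> bytes:
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }.

    params=None omits the parameters field entirely (the form RFC 8410 later
    required for the Ed*/X* identifiers); pass b"\\x05\\x00" for an explicit NULL.
    """
    content = encode_oid(oid) + (params or b"")
    return b"\x30" + _encode_length(len(content)) + content


def decode_algorithm_identifier(der: bytes) -> Tuple[str, Optional[bytes]]:
    """Return (dotted OID, raw parameters bytes or None if absent)."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    length, pos = _decode_length(der, 1)
    end = pos + length
    if end != len(der):
        raise ValueError("SEQUENCE length does not match input")
    oid, pos = decode_oid(der, pos)
    params = der[pos:end] if pos < end else None
    return oid, params


def hexdump(b: bytes) -> str:
    return " ".join(f"{x:02X}" for x in b)


if __name__ == "__main__":
    # The sigalg quoted in the thread, with the "65" variant of the fourth arc.
    print(decode_algorithm_identifier(bytes.fromhex("300606042B656501")))
    for label, oid in [("-00 draft", "1.3.101.100"), ("thread proposal", "1.3.101.101"),
                       ("RFC 8410 Ed25519", "1.3.101.112"), ("RFC 8410 X25519", "1.3.101.110")]:
        print(f"{label:18} {oid:14} {hexdump(encode_oid(oid))}")
```

Running the script decodes the quoted dump to 1.3.101.101.1 with no parameters, and prints the single-octet last arc (64, 65, 70, 6E) that distinguishes each candidate, which is the whole difference the hex dump was hiding. The decoder refuses indefinite and oversized lengths and checks that the outer SEQUENCE length matches the input, so trailing bytes or a truncated sub-identifier are reported rather than silently accepted.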