IETF Logo Mail Archive

Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt

Brian Smith <brian@briansmith.org> Mon, 08 May 2017 18:46 UTC

Return-Path: <brian@briansmith.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 134251294A8 for <curdle@ietfa.amsl.com>; Mon, 8 May 2017 11:46:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=briansmith-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dt8ctQVM3FIu for <curdle@ietfa.amsl.com>; Mon, 8 May 2017 11:46:18 -0700 (PDT)
Received: from mail-it0-x231.google.com (mail-it0-x231.google.com [IPv6:2607:f8b0:4001:c0b::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D933128B51 for <curdle@ietf.org>; Mon, 8 May 2017 11:46:18 -0700 (PDT)
Received: by mail-it0-x231.google.com with SMTP id o5so72665708ith.1 for <curdle@ietf.org>; Mon, 08 May 2017 11:46:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=briansmith-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ELbTtjDPPzz1LSUINCP/snN9sXJIkyQH8uWcUB3SXGE=; b=RM/JVr0jkzYOs1EaS8V7dTnVpjqZg0K7zLHKL/EB+F/WYt8PYj0TiH0atHwL72rmRY ww/NiBydwrjXsSN3JsxPKT9imHDbeVOyjkG+ApbQWXv4RYkI/rNZrpVbvHPGkgYRMija ZgvBqxwepG//28HKuH4NA/YUwCLnl/4gu65mq+BsRBz68ry9Aei0HAy8xoy5xFGqTX/I k9HJvAw88dahD38OjwSrQehwg7OEtDxl4y9sGC7Zlg/ojrpdES3XWc58Yu9lAz2Q5/IR 1QE04NFwsfuZVbrPfy7ogj+6nS8B+8itkJVvf+In30qxcHJx9zstAcr01h7Ic3BK/fa7 Drig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ELbTtjDPPzz1LSUINCP/snN9sXJIkyQH8uWcUB3SXGE=; b=eYKzwqNvJiNOFI0+7CN1NPf/tJRScVy/RoTA7vcKEqlvN2mapHjBM+Y5vCBDQMZFcl 9Pj+wfWPZ8/aytbKSzNnjlhiyEf3S22GCct0WzI5QXLaLP0fxBPgnT74Dcru/7zrxPy+ LAJJ2xjtVH+kBKaMAAzR1W2w98CKMVfnpMl2IPLCFPB7rmNV0yofpvKjEozJRNFGKqbp DNpElnLlJT7tZilFMvQXd3VD+gkcZ/6uFiTLfq3mTGfWbYPuH7TupqvoAwE9LJDL+Vok LAkFLwooZ2lDPk3VJNNCfhVzJIrARl0oGmGr7kGlG4BHgEyLBM/hXad3ztrHGUV1hJo1 KcKQ==
X-Gm-Message-State: AN3rC/5Vaqzxf//YT96s+IdRvnV0c1G4Bb3Tf9Gpyr3e7r22v/XhCuT+ dO9a+U0C0khduFzcyYO8wiYnyySG4FcS
X-Received: by 10.36.10.12 with SMTP id 12mr22861581itw.74.1494269177846; Mon, 08 May 2017 11:46:17 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.77.84 with HTTP; Mon, 8 May 2017 11:46:17 -0700 (PDT)
In-Reply-To: <CAF8qwaBHv3fYVs0DBGsEijJF2w+uo7iqTqy3stXhFasp9zRQPw@mail.gmail.com>
References: <149073663013.1172.4888065212435317707.idtracker@ietfa.amsl.com> <051401d2a80b$e9bdea90$bd39bfb0$@augustcellars.com> <CAFewVt6-0WSqmwD7xVvKWDg3P9vNpFZDqB-n61hiU9qQp1c2cw@mail.gmail.com> <006d01d2c194$0e99b280$2bcd1780$@augustcellars.com> <CAFewVt4Lj7DMuVszGD6eht-3CJY6twaOao4J6KBTq4mTnYVFUQ@mail.gmail.com> <CAF8qwaCSVLJZMfy1eZ4hF4B3TUZyEdrL3VkkeiQ6TT=5mawUNg@mail.gmail.com> <007001d2c820$6fc202a0$4f4607e0$@augustcellars.com> <CAF8qwaBHv3fYVs0DBGsEijJF2w+uo7iqTqy3stXhFasp9zRQPw@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
Date: Mon, 08 May 2017 08:46:17 -1000
Message-ID: <CAFewVt4rH3B0h0qcH+UQc6vE3G+7K2CYTgx_dLqqSeeOcHLC7g@mail.gmail.com>
To: David Benjamin <davidben@chromium.org>
Cc: Jim Schaad <ietf@augustcellars.com>, curdle <curdle@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/v1vRID-7L_6bX0F6M7UIfNKu_To>
Subject: Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 May 2017 18:46:20 -0000

On David Benjamin <davidben@chromium.org> wrote:
> - When serializing without publicKey, serializing code SHOULD use v1
> (PrivateKeyInfo). v2 (OneAsymmetricKey) would also work, but this will be
> less compatible.

RFC 5958 says:
> version identifies the version of OneAsymmetricKey.  If publicKey
> is present, then version is set to v2 else version is set to v1.

This means if the publicKey is present, version MUST be v2. When
publicKey is absent, version MUST be v1. (This is what we want, for
interop with older implementations.)

> - When parsing and the version is v2, parse as OneAsymmetricKey. When
> parsing as OneAsymmetricKey, one MUST ignore trailing fields after the
> OPTIONAL publicKey.

I would rather not ignore trailing fields after publicKey.

> - When parsing and the version is anything else, reject. This is some
> invalid thing.

Yep, I agree.

Cheers,
Brian
-- 
https://briansmith.org/

v2.23.0 | Report a Bug | By Email