IETF Logo Mail Archive

Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03

str4d <str4d@i2pmail.org> Thu, 15 December 2016 06:42 UTC

Return-Path: <str4d@i2pmail.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9619E1299C0 for <curdle@ietfa.amsl.com>; Wed, 14 Dec 2016 22:42:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 5.071
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.071 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_SORBS_HTTP=0.001, RCVD_IN_SORBS_SOCKS=1.927, RCVD_IN_SORBS_WEB=3.595, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IqEGB9OJKHMA for <curdle@ietfa.amsl.com>; Wed, 14 Dec 2016 22:42:18 -0800 (PST)
Received: from mail01.sigterm.no (mail01.sigterm.no [193.150.121.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E10F9129853 for <curdle@ietf.org>; Wed, 14 Dec 2016 22:42:17 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail01.sigterm.no (Postfix) with ESMTP id 479972E52AF for <curdle@ietf.org>; Thu, 15 Dec 2016 07:42:15 +0100 (CET)
Received: from mail01.sigterm.no ([127.0.0.1]) by localhost (pstalk.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n5G8C46dla-E for <curdle@ietf.org>; Thu, 15 Dec 2016 07:42:15 +0100 (CET)
Received: from smtp.postman.i2p (i2p-outproxy01.privacysolutions.no [193.150.121.66]) by mail01.sigterm.no (Postfix) with ESMTP id E921C2E52A9 for <curdle@ietf.org>; Thu, 15 Dec 2016 07:42:12 +0100 (CET)
X-Virus-Scanned: clamav-milter 0.97 on milter.postman.i2p
To: David Benjamin <davidben@chromium.org>, Ilari Liusvaara <ilariliusvaara@welho.com>
References: <20161214105434.418FAADD1C@smtp.postman.i2p> <20161214121515.GA10791@LK-Perkele-V2.elisa-laajakaista.fi> <20161214132326.29D3BADD12@smtp.postman.i2p>
X-Mailer: smtp.postman.i2p - Official I2P Mailer
From: str4d <str4d@i2pmail.org>
MIME-Version: 1.0
In-Reply-To: <20161214132326.29D3BADD12@smtp.postman.i2p>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="1FPob3PhS0JkJsCbERDWG2357thri6XpO"
Message-Id: <20161215043852.11033ADD1E@smtp.postman.i2p>
Date: Thu, 15 Dec 2016 04:38:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/xWBU7oXNzkNgcmdpfrf5bm3NP74>
Cc: curdle@ietf.org
Subject: Re: [Curdle] Key examples in draft-ietf-curdle-pkix-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Dec 2016 06:42:19 -0000

On 12/15/2016 02:23 AM, David Benjamin wrote:
> On Wed, Dec 14, 2016 at 7:15 AM Ilari Liusvaara <ilariliusvaara@welho.com>
> wrote:
> 
>> On Wed, Dec 14, 2016 at 10:54:34AM +0000, str4d wrote:
>>> Hello,
>>>
>>> I am currently updating my EdDSA Java library to implement the current
>>> spec for key encoding [0] (previously I used
>>> draft-josefsson-pkix-eddsa-04 for public keys, and the equivalent in
>>> PKCS#8 format for private keys). The example public key given in
>>> draft-ietf-curdle-pkix-03 [1] passes my tests, however the example
>>> private key [2] does not.
>>>
>>> It appears that the private key material within the example is 34 bytes,
>>> but according to Section 3.2 of draft-irtf-cfrg-eddsa-08 [3] (which
>>> AFAICT the present draft defers to for encoding), the private key is the
>>> b-bit seed k, which is 32 bytes.
>>>
>>> Am I missing something? If the example keys in the present draft are
>>> correct, it would be helpful to add a reference that clarifies their
>>> exact encoding.
>>
>> Apparently the key is wrapped in OCTET STRING twice for some reason,
>> so the length is actually 32 bytes (the first 2 are second OCTET STRING
>> header).
>>
> 
> Is it too late to change that / was there any particular reason for this?
> Not that saving or using two bytes really matters, but it seems unnecessary
> when we already have an OCTET-STRING-shaped hole to put our octet string in.
> 

Additionally, it is somewhat strange that the same document
(draft-irtf-cfrg-eddsa-08) would define that the public key requires no
additional OCTET STRING wrapping, while the private key does. I
personally don't have a problem implementing it this way if that is what
the WG decides, but one of the two documents needs to be updated
regardless of whether or not this is changed (either to change it or to
clarify the encoding).

Cheers,
Jack

v2.23.0 | Report a Bug | By Email