Re: [Dance] draft-ietf-dance-client-auth-01 sec 8

Shumon Huque <shuque@gmail.com> Fri, 05 May 2023 02:26 UTC

References: <5cbfe2ef-6582-c0b7-181a-fb2fbdb521e1@htt-consult.com>
In-Reply-To: <5cbfe2ef-6582-c0b7-181a-fb2fbdb521e1@htt-consult.com>
From: Shumon Huque <shuque@gmail.com>
Date: Thu, 04 May 2023 22:26:26 -0400
Message-ID: <CAHPuVdX6fZy8qESjLwvdALp5zVVwaXDq_uhUYRQmdAFbQTTyjA@mail.gmail.com>
To: Robert Moskowitz <rgm-sec@htt-consult.com>
Cc: dance@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/xNYz8ls4Tbns84kaeTcU4CWbJ14>

On Thu, May 4, 2023 at 9:50 AM Robert Moskowitz <rgm-sec@htt-consult.com>
wrote:

> Raw Public Keys
>
> Should Matching Type Field of '0' be included here that then it is
>
> 3 1 0 (SPKI)
>

Robert,

I don't see a specific reason to restrict raw public keys to only
matching-type 0, unless your application is also using the DNS to discover
the client public keys.

Can you elaborate on your rationale?


> Since I am using EdDSA25519, the SPKI is 44 bytes.
>

I guess matching type 2 (SHA-512) makes less sense in that case, since the
data field part of the TLSA record will be larger than that.

Shumon.
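To make the size comparison in this thread concrete, here is an added example (not code from the draft or from either poster) that wraps a 32-byte Ed25519 key in its 44-byte SPKI, derives the Certificate Association Data for `3 1 0`, `3 1 1` and `3 1 2`, and shows the verifier-side match check; the key bytes are a constructed placeholder, not a real key.

```python
import hashlib
import hmac

# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410):
# SEQUENCE { AlgorithmIdentifier { OID 1.3.101.112 }, BIT STRING (32 key bytes) }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

# Constructed sample key material (NOT a real Ed25519 public key), used only to size the records.
SAMPLE_PUBKEY = bytes(range(32))


def ed25519_spki(pubkey: bytes) -> bytes:
    """Encode a raw 32-byte Ed25519 public key as DER SPKI; the result is 12 + 32 = 44 bytes."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be exactly 32 bytes")
    return ED25519_SPKI_PREFIX + pubkey


def tlsa_cert_assoc_data(spki: bytes, matching_type: int) -> bytes:
    """Certificate Association Data for selector 1 (SPKI) under a given matching type (RFC 6698)."""
    if matching_type == 0:
        return spki                            # full SPKI, 44 bytes for Ed25519
    if matching_type == 1:
        return hashlib.sha256(spki).digest()   # 32 bytes
    if matching_type == 2:
        return hashlib.sha512(spki).digest()   # 64 bytes: larger than the raw SPKI itself
    raise ValueError(f"unknown matching type {matching_type}")


def tlsa_record(spki: bytes, matching_type: int, usage: int = 3, selector: int = 1) -> str:
    """Presentation-format TLSA RDATA, e.g. '3 1 0 302a3005...'."""
    return f"{usage} {selector} {matching_type} {tlsa_cert_assoc_data(spki, matching_type).hex()}"


def data_field_lengths(spki: bytes) -> dict:
    """Size of the data field for each matching type, to compare against the 44-byte SPKI."""
    return {mt: len(tlsa_cert_assoc_data(spki, mt)) for mt in (0, 1, 2)}


def tlsa_matches(record: str, presented_spki: bytes) -> bool:
    """Verifier side: does a selector-1 TLSA record match the SPKI a client presented in TLS?"""
    _usage, selector, matching_type, data = record.split()
    if selector != "1":
        raise ValueError("this checker only handles selector 1 (SPKI)")
    expected = tlsa_cert_assoc_data(presented_spki, int(matching_type))
    return hmac.compare_digest(expected, bytes.fromhex(data))


if __name__ == "__main__":
    spki = ed25519_spki(SAMPLE_PUBKEY)
    print("data field lengths by matching type:", data_field_lengths(spki))
    for mt in (0, 1, 2):
        print(tlsa_record(spki, mt))
```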