Re: [dane] New I-D on Authenticating Raw Public Keys with DANE TLSA
Sean Turner <TurnerS@ieca.com> Wed, 02 July 2014 17:26 UTC
From: Sean Turner <TurnerS@ieca.com>
In-Reply-To: <201406210425.s5L4P2eo001257@new.toad.com>
Date: Wed, 02 Jul 2014 13:16:44 -0400
Message-Id: <8E325436-B2BE-40A4-A8D5-80407622222E@ieca.com>
References: <201406210425.s5L4P2eo001257@new.toad.com>
To: John Gilmore <gnu@toad.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/_zRoaOAmirTkhVmHxr2dC_siLQA
Cc: dane@ietf.org
Subject: Re: [dane] New I-D on Authenticating Raw Public Keys with DANE TLSA
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
Two nits:

0) s3 contains the following:

   This SubjectPublicKeyInfo structure MUST be encoded in DER encoding
   [X.660] of Abstract Syntax Notation One (ASN.1) [X.208].

r/X.660/X.690 or just:

   This SubjectPublicKeyInfo structure MUST be encoded in DER encoding of
   Abstract Syntax Notation One (ASN.1) [X.690].

Personally, I think that not referring to X.680/X.208 is fine because that's what RFC 6898 did, but for completeness I could see using X.680 instead of X.208:

   This SubjectPublicKeyInfo structure MUST be encoded in DER encoding
   [X.690] of Abstract Syntax Notation One (ASN.1) [X.680].

If you decide to go with the X.680 reference (from PKIX):

   [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002,
   Information technology - Abstract Syntax Notation One (ASN.1):
   Specification of basic notation.

1) s3: r/(from RFC 6699 section 2.1.1)/(from RFC 6698 section 2.1.1)

spt

On Jun 21, 2014, at 00:25, John Gilmore <gnu@toad.com> wrote:

> In an effort to nudge along the process of standardizing the use of
> DANE with TLS's use of raw public keys, I have written a short
> Internet-Draft that defines how these keys can be authenticated by using
> TLSA records.
>
> Name: draft-gilmore-dane-rawkeys
> Revision: 00
> Title: Authenticating Raw Public Keys with DANE TLSA
> Document date: 2014-06-20
> Group: Individual Submission
> Pages: 7
> URL: http://www.ietf.org/internet-drafts/draft-gilmore-dane-rawkeys-00.txt
> Status: https://datatracker.ietf.org/doc/draft-gilmore-dane-rawkeys/
> Htmlized: http://tools.ietf.org/html/draft-gilmore-dane-rawkeys-00
>
> Abstract:
> This document standardizes how the Domain Name System can
> authenticate Raw Public Keys. Transport Level Security now has the
> option to use Raw Public Keys, but they require some form of external
> authentication. The document updates RFC 6698 to allow the Domain
> Name System to standardize the authentication of more types of keying
> material.
>
> The TLS extension for raw public keys, which inspired this work, is
> currently very late in the IETF publication process, but not quite
> published, here:
>
> "Using Raw Public Keys in Transport Layer Security (TLS)
> and Datagram Transport Layer Security (DTLS)"
> https://www.rfc-editor.org/authors/rfc7250.txt
>
> John
>
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane
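As an added illustration (not code from the draft, from this thread, or from any IETF project) of what the mechanism discussed above amounts to: build the RFC 6698 TLSA RDATA that authenticates a DER-encoded SubjectPublicKeyInfo, and check a raw public key presented in a TLS handshake against it. It assumes Certificate Usage 3 and Selector 1 for raw keys (an assumption made here, not taken from the draft), enforces the DER structure the message's nit is about, and uses a constructed Ed25519 SPKI rather than a real key.

```python
import hashlib
import hmac

# Constructed sample, not a real key: DER SubjectPublicKeyInfo for Ed25519
# (SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING }), key octets all 0x11.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100" + "11" * 32)

def check_der_spki(spki: bytes) -> None:
    """Reject input that is not a DER SEQUENCE { SEQUENCE, BIT STRING } whose
    definite lengths exactly cover the buffer (no truncation, no trailing octets)."""
    def tlv(pos: int, tag: int) -> tuple:
        if pos + 2 > len(spki) or spki[pos] != tag:
            raise ValueError(f"expected tag 0x{tag:02x} at offset {pos}")
        length, hdr = spki[pos + 1], 2
        if length & 0x80:                  # long form: 0x8N, then N length octets
            n = length & 0x7F
            length = int.from_bytes(spki[pos + 2:pos + 2 + n], "big")
            hdr += n
        end = pos + hdr + length
        if end > len(spki):
            raise ValueError("truncated element")
        return pos + hdr, end              # (start of content, end of element)
    body, end = tlv(0, 0x30)
    if end != len(spki):
        raise ValueError("trailing octets after SubjectPublicKeyInfo")
    _, alg_end = tlv(body, 0x30)           # AlgorithmIdentifier
    _, key_end = tlv(alg_end, 0x03)        # subjectPublicKey BIT STRING
    if key_end != end:
        raise ValueError("unexpected element after subjectPublicKey")

def association_data(spki: bytes, matching: int):
    """RFC 6698 Matching Type: 0 = full SPKI, 1 = SHA-256, 2 = SHA-512; else None."""
    return {0: spki, 1: hashlib.sha256(spki).digest(), 2: hashlib.sha512(spki).digest()}.get(matching)

def tlsa_rdata(spki: bytes, matching: int = 1) -> bytes:
    """RDATA as Usage 3 (DANE-EE), Selector 1 (SPKI), Matching Type, data."""
    check_der_spki(spki)
    return bytes([3, 1, matching]) + association_data(spki, matching)

def raw_key_matches(rdata: bytes, presented_spki: bytes) -> bool:
    """Check a raw SPKI from a TLS handshake against one TLSA record; any other
    usage/selector, an unknown matching type or a malformed SPKI fails closed."""
    if len(rdata) < 4 or rdata[0] != 3 or rdata[1] != 1:
        return False
    try:
        check_der_spki(presented_spki)
    except ValueError:
        return False
    expected = association_data(presented_spki, rdata[2])
    return expected is not None and hmac.compare_digest(expected, rdata[3:])
```

In zone-file form the RDATA for the sample reads `3 1 1 <hex of SHA-256(SPKI)>`; a client with several TLSA records for the name accepts the raw key if any one of them matches.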