Re: [Dcrup] draft-ietf-dcrup-dkim-crypto-00

Jim Fenton <fenton@bluepopcorn.net> Fri, 19 May 2017 18:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/6lMsk2g38qtuypKnn0Xd9vDSRZQ>

On 5/19/17 11:48 AM, John R Levine wrote:
>> Speaking as an individual, I'd like to emphasize what Mark said. 
>> ECDH is a key exchange protocol, not a signing protocol.  For
>> elliptic curve signatures, the document should use
>> https://datatracker.ietf.org/doc/draft-ietf-curdle-cms-eddsa-signatures/
>> which is now in IESG last call.  Note that the hash mechanism is
>> implicit in the signature algorithm.
>
> That's fine, like I said I don't purport to be a crypto expert.  Even
> better, send text.
>
>> The key fingerprint needs more clarification.  For 25519 keys, there
>> is a "natural and obvious" byte representation, but for RSA keys what
>> is being fingerprinted?  The DER OCTET STRING?
>
> IIM had key fingerprints.  Perhaps Jim can tell us what it did.

From https://www.ietf.org/archive/id/draft-fenton-identified-mail-02.txt :

The fingerprint is created as follows: create the binary
representation of the RSA exponent (e) and modulus (n) and
concatenate them as e|n.  Run this value through SHA1 over the
full length and convert the first 12 bytes of the output of the
SHA1 operation to base 64.  That is, base64 (TRUNC (SHA1 ((e|n)),12)

-Jim
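
The fingerprint procedure quoted above, sketched in Python as an added example; it is not part of the original message or of the IIM draft. The draft text does not say what "binary representation" means, so the default here (unsigned big-endian, no leading zero octets) is an assumption, and the DER INTEGER variant is included to show that the choice changes the fingerprint, which is the clarification asked for in the thread. The function names and the key values are made up for illustration.

```python
import base64
import hashlib


def minimal_be(x: int) -> bytes:
    """Unsigned big-endian octets with no leading zeros (assumed encoding)."""
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def der_integer_content(x: int) -> bytes:
    """Content octets of a DER INTEGER: gains a leading 0x00 when the top bit is set."""
    return x.to_bytes(x.bit_length() // 8 + 1, "big")


def iim_fingerprint(e: int, n: int, encode=minimal_be) -> str:
    """base64(TRUNC(SHA1(e|n), 12)) as described in the quoted draft text."""
    digest = hashlib.sha1(encode(e) + encode(n)).digest()
    return base64.b64encode(digest[:12]).decode("ascii")


# Constructed sample values: a 1024-bit number with the top bit set, as a real
# RSA modulus of that size would have. It is NOT a real modulus or a usable key.
E = 65537
N = int.from_bytes(bytes([0xC3]) + bytes(range(1, 128)), "big")


def fingerprints_by_encoding(e: int, n: int) -> dict:
    """Fingerprint of the same key under each candidate byte representation."""
    return {
        "minimal big-endian": iim_fingerprint(e, n, minimal_be),
        "DER INTEGER content": iim_fingerprint(e, n, der_integer_content),
    }


if __name__ == "__main__":
    for name, fp in fingerprints_by_encoding(E, N).items():
        print(f"{name:20s} {fp}")
```

A signer and verifier that pick different representations compute different fingerprints for the same key, so the specification has to fix the encoding.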