Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add

"Mark D. Baushke" <mdb@juniper.net> Sat, 10 June 2017 19:16 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A6CB129468 for <dcrup@ietfa.amsl.com>; Sat, 10 Jun 2017 12:16:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id afYyz6dw7uSG for <dcrup@ietfa.amsl.com>; Sat, 10 Jun 2017 12:16:17 -0700 (PDT)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0126.outbound.protection.outlook.com [104.47.34.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE93B129466 for <dcrup@ietf.org>; Sat, 10 Jun 2017 12:16:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dIHu5xxyFA1oYbR+j510CepGixks4huB81IqlY/nH7M=; b=fitKZRhm3hqjs6LSJvJI/PmCoV/8bbOtPgPsq7K3keRZr2xHx0JPTd3OX8IHgQvzTXBl3kz+Q1G3fnXrBq1w/CGUe4izQzhhXGrjguHalZZLOs3zxVXkP9mBatfZTzTGpTCEOZa2NY/3fag5t30kQ99TNMF4NskajNurOCe7lNg=
Received: from BY1PR0501CA0035.namprd05.prod.outlook.com (10.162.139.45) by SN1PR05MB1984.namprd05.prod.outlook.com (10.162.132.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1157.9; Sat, 10 Jun 2017 19:16:16 +0000
Received: from DM3NAM05FT028.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::203) by BY1PR0501CA0035.outlook.office365.com (2a01:111:e400:4821::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1178.5 via Frontend Transport; Sat, 10 Jun 2017 19:16:16 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.12) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by DM3NAM05FT028.mail.protection.outlook.com (10.152.98.139) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1143.19 via Frontend Transport; Sat, 10 Jun 2017 19:16:15 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Sat, 10 Jun 2017 12:16:03 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v5AJG2TP021469; Sat, 10 Jun 2017 12:16:02 -0700 (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id D61EC1144E; Sat, 10 Jun 2017 12:16:01 -0700 (PDT)
To: John R Levine <johnl@taugh.com>
CC: Eric Rescorla <ekr@rtfm.com>, dcrup@ietf.org
In-Reply-To: <alpine.OSX.2.21.1706101344460.16992@ary.qy>
References: <20170610125545.14232.qmail@ary.lan> <CABkgnnUAJ6ix3pMB_Y792QOCqRSp2qA9oTSyUCbXP_=P5HRwGA@mail.gmail.com> <CABcZeBMAmjVaJCJwB-qZSpTX0aS-oi1mTduHCdLCM33dWj9P-Q@mail.gmail.com> <alpine.OSX.2.21.1706101205270.16559@ary.qy> <CABcZeBM_P4C8xYDmMEbhAbs1tVPVWk6+UgT7vAcktSNtjVyXCg@mail.gmail.com> <alpine.OSX.2.21.1706101211200.16559@ary.qy> <CABcZeBN9r9XdsJVayMcUE03WJv74MOsefVdwb-CdchVbaKdT1Q@mail.gmail.com> <alpine.OSX.2.21.1706101344460.16992@ary.qy>
Comments: In-reply-to: John R Levine <johnl@taugh.com> message dated "Sat, 10 Jun 2017 13:48:28 -0400."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sat, 10 Jun 2017 12:16:01 -0700
Message-ID: <81246.1497122161@eng-mail01.juniper.net>
Sender: mdb@juniper.net
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(979002)(6009001)(39860400002)(39840400002)(39450400003)(39850400002)(39400400002)(39410400002)(2980300002)(189002)(199003)(9170700003)(53416004)(6246003)(6266002)(110136004)(93886004)(7846003)(6392003)(478600001)(189998001)(2950100002)(6916009)(4326008)(305945005)(117636001)(47776003)(55016002)(7126002)(5660300001)(356003)(106466001)(38730400002)(229853002)(50986999)(81166006)(53936002)(76176999)(105596002)(8676002)(54356999)(5003940100001)(54906002)(7696004)(77096006)(86362001)(48376002)(76506005)(575784001)(2810700001)(2906002)(50466002)(8936002)(42262002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR05MB1984; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; MLV:ovrnspm; MX:1; A:1; PTR:InfoDomainNonexistent; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; DM3NAM05FT028; 1:H+Hi90d79dZu/ZMGxmFuyxiBCyJg9bRXmXjlSxezLy+GTh0vM0mgzV332KISKzUpsJ4NfapRIxt8cTKynSQWa7DNnPLE8WxsUUYJ83uFBOLnZi1wF0KVlMs94bWq22VGjBq8knqTZ9M8h2T1TPfEVybQLFDHo/rxx4SWeKodHi7cQLkWpOnNeZmgvNhTiFduN6pamBRtbugcCF3aQJGBvvWs0w+ikG1fBXTzqDjATU6tdeH46iqpzR/B+CRnhbUMuzUccxJprJ8QZMhaZjHFqB+cM7/uqxFoz67CSo7IqNJXJMbo7/HlWJYGRTNxCoD4HRvPZd6Zl8Mb1fX56E5PXdBE1mIdngWoPN0yOrWYzNaoECeYD8xZsuUj3yb7OAfgnWnZNAe3uLLlFvGI4lxHKnrPtJN1JWByAd+FdGdi74qvMv5+uWo5nG91t6sMclND504oBFfKyCjfA/3Qf94+43ji695qs+RVe1LHXqPUFgvsLogid2mi+0L16dC0UtOAWZITIrX8J3NPqu9DyGvnlz1QUGlnmpoIMVUHISPLRJ5K7aCoEkVIv6i4nL92pMdT
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PR05MB1984:
X-MS-Office365-Filtering-Correlation-Id: 7643d704-ab56-46bf-05ac-08d4b0352a97
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:SN1PR05MB1984;
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 3:Mu0m3/fpvW5OtEF9TmDqhdbDk4IaGC7fwYRpT5YdbfufJ5NQdVa0E6t3A9QITRYSduF080oQdmjpn9h4+bcKKJnb2yIdBKOEno7L8Xx+JeFXYa4RJnDhOSlP9Q81f6WAY6pAdFtzWWcb4uFtKo1gXLHDgn2BS+XhLNZ0ubSK/d6fwZXyPCR4P4+JHiFRERIyaGhPyu4rGJPD1+Edsa7YkJ1OUORrRg2UfI4vSJQQY4r4+TZXBaYdrdH6AogK/4EQ6IstFupEbRDVMMeQV7ZttrFcaJOKEjGxDC/zzr+HV1nTNMC3CEwqEmLoylcVWg5txHQb6mLuupopuzPJVwKXkB0dZRsMd1wyB5nF09wyglKVjUa7iXI12LqePgqI/68dLRc9OBvDRNv9ubDxiNhf4X0tW75e4Lzrpo16ZGy/VWZ/L8mVsFk6TVQ9UO+9PlCdJXDXF+Z03Oz/zyI6VHp+7Q==
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 25:CzuLkp0hcMi1HwNuNp8FyFbl80xKKLh7u+EKqY6LhIH/sBuofroZy0EaibltrRuDE5QxuFyfIzgg1LoOYE0mxNSGu+oFfWkhMDrgdpi+q1ggFdGBNPS1fUnEW8dXSVGII/Lk6mN+A9AtEkLcuM8cKW9lDbSj0xdXibbr4pnEPxbYvCK8tubdac4rq50V9qVu1cJr2+tdNXHE+3onvnFXWjX0fikYh7ICMQPXSu6/j4eEvINoLVnRGzYx+IKH2H0s3+DWW6FWxzlwOhkwGTvyGh2SLn9/Ik0JgPkIVwJPp25iWBS+7QeoQMWG9PibK99Sm88d2lXu4wJsi6TOJLV2Ej4PgVp1rItj30NejVZHQDNTd+sqstyDsx9HV4KkljhiTu9gPmLmqBMHWRmCQlsJ2jQQ58LKY8g6jS+2jZaBdq5Og+kBMrxf87ZdyMuLj5B0pA13hUpoZa2cBQXdwPHjnJuxLemHyUiFCk+/L6TyRrA=; 31:otTEK0OIXMaV5U1fhbCHGEOy39x8M5f3YM9s0xM168kiT+d3NnbcBAUtjwYzvRfyVKtREgNFfUobBgyz7n34UDbVK4089AN2rrW93/qQiLl/1f01kz/rd34fvetLwYmdOnYB0IAIDvriMrDUXWtXGoWL2tfLp3e3bdVoOn0zOFz3CpJ0vfmvr7gWxvgbCaME1HCvevawI9hk/wWrdgco4Hi13voQogyiEQxpPHQ/0ijOwlsj+cUKxhRPUew4bfxUS25IcGqxribOyg5DnnOREQ==
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 20:KRYyTgXtTUKVzclFV6KD4xrzkZ1BYO/E4O6xQq5LWw3r0iG9WKDnRDswat8Vfrbjjf8d+SlDTiP8VJrHh9vS0oemfW4gFZ9UlaqYTgXQTU2R2YPutwwTiOUjctGGlP4YC+EgXEgJW8Gyzb/OCfJqeZ6V4Fw4kd2/+Wv4+g5PF/hyUZCOQpzzS3+M1QKmVstDun+Uhp8oKvVUySZD8KU2f7SAnjj9H+MTE3e4Gm1MR3mtuDWU2jFAapovBFag7YtYN2gD2MJxbd5eWkW04PVN5zBu5B6pE7XHjazAKHxeOUfvrzal6kKHIcIYJUGeeyktbbzUqtjjqu6heBgFw+lRQDF3QPKW4THRII8mkdgFLL7ZlHNgqMUWbY2CejczWzSNHkTBNljOv74FZGDvtw6ItilJUuMQioHr5+0f+eIpCj8zmUjg+Yqrsd2GcqT5vREjxIgwrJhN3+2pyklmhLbYZBZ8lQgDnw2Q1jbU22bAQYvvR4PoHtoz7Thit6NQuh8n
X-Microsoft-Antispam-PRVS: <SN1PR05MB1984D402C866ADB55B835651BFCF0@SN1PR05MB1984.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(13018025)(13016025)(3002001)(10201501046)(100000703101)(100105400095)(93006095)(93003095)(6055026)(6041248)(20161123564025)(20161123562025)(20161123560025)(20161123558100)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:SN1PR05MB1984; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:SN1PR05MB1984;
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 4:yR78KkqT/yN/zMj/vCkSC8Tq+v0qIOYr+gFhKU2NCOfs+5PGU08d9yHJ/wE9+yMftsRJJbIc0aRayOIxmCIFcA9zcG61bzzXF+wbnjBn+7gFU7A/oF1nQOWnGiaSRfdf11pJMgSN7pms1kCVyozkbYHCZ0SMkH0h0VQ4TlJpaHidtZl59nLVqdBnCzPFZtlPRIDASgSSyz6TnjbRB7BUGAvGqVzbRu3z9WPqT16AnKi8DAHuJyvfB5pTNPhcA7XYo7kSvPyWCfo8WxEw7QGInCCwj6e73wq4lWBFxZO9xgBbqykTF66jrj5EyIMVIye2lNS3OT/0fe7cWXBfMAjV5HAxzwXhWUwHMINVLCT077xKDxZLfEstDTmr7+KwywF+6EJz4PRh4HYygNrOd8xd4m3/O3U9585t+av7n9C+/lT3SPdmjFWx4WRabxw+AkF70wRfxT2jdSprxqoOjlkfFV7vAPL0Y9+/MadSHZO//w9IlBeqCTOWEu0f9mgxr6UEtMEFwuNuPENqR77J5Rm1Ff1bT3H7PL1t1k4ronv1Dq7J1b1C9CcAIyxuBTvECaa0Br6nWOYLpzzVstVqtLMkkarXQj4AtR5SsCLzjPZDnQ43RNn8BVYYNUxxKEB8nEejLRLmD+ynL3hE1FXwKYAWmkI7uZZEW5/UITUABjvQrbo6nlTyneBfAo2dA21oVUg0sAEpdv2ilr6/ICxM/B29pfCMfcZSPH5P9kPu8dGF7EW0WTpSBQAH3XjLxyVHPc//eXjyRL0gl4W1etZF22IHcFud3aNDkTDQfFNdqWGyJIrmFrkyHeRDVrMJrZ5vlhc8JG9vJNphNhFwJbXIjqsP00H+YhWLvQqtqPgeXlDPksmWduOkcdNo53d/QeftOFO67Gr76F0ExecfD+lKjWvfa9FVIoFoto87TSNCk3jEzr7OsNO15M4CxozACFe40AG0H18CSKAFnIYljMFQvAP1DsZ85mXs0FhMZbqmjT4kfbH6UfSuS1TLTFTjWrOxvkYoCaqHd50NijB91sYhOEE1/rEyt6CiL16zEZH8M0dBlGw5x96kF+AWOGlenGLLhBiIHDteohG/PrSxFj/UpVZR9CUtSvjjCi0kYLFwFG52JehUDO0gFCUXyuIJqY6E991qCS3+NUIK9D3Aa33e9te94+uWUB+4qXHvBZgeioSXDp9ogq0UkS0hk6Wn4GlMjqQm
X-Forefront-PRVS: 0334223192
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 23:ywwfQZYxfev92TjZUapdQ7XLZtvgk3VV0hwg6Qqm9kWJGAXmhs5UXGvb9q9I0uF7tQweJ0OCrgy5aqNGZf1647EHaR8yc7ByPnYajmdMYRFiYk0E+Iba9eyccDMaAofFLngD5wab3Ku16PBKmYuv503kiEmwM5I25Myqu+XwSfQssecq1GZO1aUd3K6NeC1RghF1zO221msIRl35KfeCQTO9IOunZJhRSU1PkpNUAy5AYCP/0IY48+8O++qnK6ev69UJbiTBetmb7RZVQOby2HCwPuLVtM89YMZiH4EA454R00jnat1xzWkhBp56IWUS1Snmzoz5LXbNevduUI7oytKcOEuj0TT+RN6jW7dhXd2DCJjpiplu44199fO61hbor5OMtjGDVsgs7TSzkguMRsfm/Uw1Lk2zRXnyU+wvGT9yklZ1fBoc9BYnZNCxnEp8fLz+p5GiiqlwYnHq6wIRe0DbhxGJLusMm2zAG4s9Ga+7sPrTNbOHo5ykk7dLkKnPN/CEXGb1eKlpZU8oAszSVPRbqnQJ5q6GmzNE0IPxmvkEAELy4MsqDZ6SlYcthZIXwetuXaxgRjr5ACG64WidGrTwya7i4uOAIiyeZIvvq1saJKwM+7e22jVfGmhL7tDaE9TVbuX8rm9v6ROMOu4CyOqanSfMZy1YkqONOgbX63IbsGShZTOvpa0AszB072lVgureolouB+QtXu58EUy6il8F+ZcqgEUXPUbxpJIe6hBeYovPmUGIYEv2PX08BkrBjP1wVZwFHSbv32eKCMT4eGT1r82+om3d+5gRBCHZKT/rM1vmRgYSJlrBTUzMxX3AJkrysiCxJV8dEQVvyMjo8Bj+zw3OdrlYWJmTuohOeKKYFMPyeMbE6S/LWZ7Ut2BEzX5zefRr/P23rZK8/XLlwuQRFEN/OdXN5mjkuoQDWt0Ip/jAbUjRlNvznKasZ9oH7oYFMt6yoRAqsL18dOjYX9EHJbsgiVUkPX9jU29ArPKFRpXNovlZSQ7e4IzZffZXlu/RERUSsGDojpqDgWLrkxFgX8P6mntbIpbdXXjjoS3DhFvmtOfyScBcQl3C64od9zdjkVUpS2BIdQvmImH1mucYYzqN5ZKicQtj36bIiRVsjBR5TupfiHVWN7sKfWHMJLxcyg7JBtYvWtEDaaSXfhaJbR5ZOfnQBuAJyJz8vDQq1wkHZ5KtqvKkyUZW7zEXM+UKsa4WrEvLHGMI+XosEeYJDIS6K/Yw8VgjelVE/nux2OgJiykflw3dqf0e8/tMoP0u5vPoGHIiBRE+0jrcRZnEhQxw9S2xScqWo7ne+xPjOmZhG72/n/SM5Qv8+vQ0fp5y9odq5jYC8xjSO6Q2aPGFWRc4KcZvtxbn9IxOu6FWLftb98S6jA0kI/XtPwZZ
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 6:SRE3Gvxr6KKVqm/vn3UXQZw7B0QVScfg68gaqhtsC5zW8FJ7KSe0l2gAlXj9XOcvQUStx3pqc1kkrlepC1TONW0eZU3T55SIf6mLzMlLtAr9+77cJ0k+u6FgLdQTIoZujy2I71x1KzM3ltLUALr/geiG/Yx5DdZjAIZy+t70Wuj9glNIiVvm4RRAG4LP0YNqxehWp1cwKgDV4j8yVlpL3x6V8jwadPCDUSfWFg3d+9hnw4fEkk4mOAIX0lYnf+7zFf14DSI+PQPTRz55lpuIQsSG8XAuiqPYFv35vzzSkC6bK7SA0fwVq2+ZacMwcf4vbNlemyppuQ6MmVAg9UZiA6USf+F93uyZc1kVUifXr4NPpW22Hzc9tldW1VRAUKSp89WPHS9/k17KAly44JpXSfnoykkBSebw3BFWJjTHADRtoE2aZ/GtwxdHs28IP7k9lGCood60BLJNZKaQv1cYom+5IVbjRzGXYhZsueIKr7Zul/iEX+ToiS2LzgTYKOuRtr8zaTvu1CzjGr5WceKElQuFYoijBr8JyxJ9jef4mkU=
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 5:bPDWc17h+vpWJujdREQVrILOQqHFxGxE181fZuND9HXPTYc2mQHsilc1RZchAoE9pjjDq8K7RsHEx5yQJvD9EIUz5Ac3aJjC3kRy/v8AhmkIXxQD5vyEpYXJ80oTeElapWqrQLerJvnBECKKrxE+Ovk66bMXQl4Rco8Z6giyxaMKbZEX8uDgHywV+zPFczDEMbaEeUcL0NZtYppJLqdJPC1/fwlNP38xQN2Xqs75Z3mEr1lo3ijE1p9QQjAT0zMZ88RboOHVm2UwSkc2DvzGNcKJNxQugUjjv24M19T56sEGZepmkMbGMcW/9Dd3BIvhmNIZbQB8MM7G4HfueD7pyAqsvNnVz9KjpYzbE9zIAPTFFNpGepV0WgEkAf7PX8bN+77Naf/gQm7D6eW6RTaSRBMOTvjPd217Ft78qWmoPn+mEKtrhqSxTqOOXn/Va99aiQ0cmAZiN4PBRqPlYN48BqmcbFIw4iYb8QPOx7ZctN6reFmwup27iByzaU83CTka; 24:mh3tc6Mx9OD/vXKmySfJy1Cf3TWGgmED5VApS1UXfO+DQdGF9F4qAaXSazCpEET0BxUofyezMNT4uYdPEdNAN7rPF8WkGDosjOz7XZE2Ttw=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 7:QZlF6LqcEnwVo5zt5QWvpTch0DcRvAtxaiIM8M+j6QPkBFiUEQnsagXHeJWAOHaqyik/ptb0U1KDZsDj1kO+GEDZgK1+iGjOzTZvVA9jv5B2XMYN6XusWSet/GEQsuH/idZoTr2dAiLlpwPFW8hpkeuF7OqHMGw9vOMQjy/4G8ElQRK9W2TnepZhVVQg2cY63hvtx9L/QHoRsGMtaDEBf5mV+ULjBh7zd4w/QJqtR4s7U082ZD+hSyBH3bnpQVKoIGQv/8h20YrwrhbW8vq4JZSS8iy32lfTrnlJvzqqpcmH3N8fCikcr8imncpn0insTQ1Du2GpsWMObN5LzJjIig==
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jun 2017 19:16:15.7096 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR05MB1984
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/iFacQ-KJL6UkE4FJ-qH-R0f06V4>
Subject: Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jun 2017 19:16:20 -0000

For OpenSSL and ECDSA, the following example may help you:

$ openssl version
OpenSSL 1.0.2l  25 May 2017
$ : Tell OpenSSL what Elliptic Curve you want to use: prime256v1 in this case
$ openssl ecparam -out prime256v1-param.pem -name prime256v1
$ cat prime256v1-param.pem
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
$ : Generate a private key based on the prime256v1
$ openssl ecparam -in prime256v1-param.pem -genkey -out my_privatekey.pem
$ cat my_privatekey.pem
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIEwjT+3tXgsoPmQ4dGnVtAzuC03S7HHRiqPxifL0cE8UoAoGCCqGSM49
AwEHoUQDQgAEFTtSp6kPe2fjNNfHiaKGpMYFs19xnj6hTfpdmklxE1Y1ERP2Zlgj
2QG5vSbb13xbQ+EPcMdoLt4lBTpy+wxDQw==
-----END EC PRIVATE KEY-----
$ openssl ec -in my_privatekey.pem -noout -text
read EC key
Private-Key: (256 bit)
priv:
    4c:23:4f:ed:ed:5e:0b:28:3e:64:38:74:69:d5:b4:
    0c:ee:0b:4d:d2:ec:71:d1:8a:a3:f1:89:f2:f4:70:
    4f:14
pub:
    04:15:3b:52:a7:a9:0f:7b:67:e3:34:d7:c7:89:a2:
    86:a4:c6:05:b3:5f:71:9e:3e:a1:4d:fa:5d:9a:49:
    71:13:56:35:11:13:f6:66:58:23:d9:01:b9:bd:26:
    db:d7:7c:5b:43:e1:0f:70:c7:68:2e:de:25:05:3a:
    72:fb:0c:43:43
ASN1 OID: prime256v1
NIST CURVE: P-256
$ : Generate public key
$ openssl ec -in my_privatekey.pem -pubout -out my_publickey.pem
read EC key
writing EC key
$ cat my_publickey.pem
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFTtSp6kPe2fjNNfHiaKGpMYFs19x
nj6hTfpdmklxE1Y1ERP2Zlgj2QG5vSbb13xbQ+EPcMdoLt4lBTpy+wxDQw==
-----END PUBLIC KEY-----
$ 

If you look the PEM file contains the following prefix before the "pub:"
key

$ openssl ec -in my_privatekey.pem -pubout -out my_publickey.der -outform der
read EC key
writing EC key
$ od -t x1 my_publickey.der
0000000    30  59  30  13  06  07  2a  86  48  ce  3d  02  01  06  08  2a
0000020    86  48  ce  3d  03  01  07  03  42  00  04  15  3b  52  a7  a9
0000040    0f  7b  67  e3  34  d7  c7  89  a2  86  a4  c6  05  b3  5f  71
0000060    9e  3e  a1  4d  fa  5d  9a  49  71  13  56  35  11  13  f6  66
0000100    58  23  d9  01  b9  bd  26  db  d7  7c  5b  43  e1  0f  70  c7
0000120    68  2e  de  25  05  3a  72  fb  0c  43  43
$

Which decomposes to some front material:

    30:59:30:13:06:07:2a:86:48:ce:3d:02:01:06:08:2a:
    86:48:ce:3d:03:01:07:03:42:00:

followed by the public key:

    04:15:3b:52:a7:a9:0f:7b:67:e3:34:d7:c7:89:a2:
    86:a4:c6:05:b3:5f:71:9e:3e:a1:4d:fa:5d:9a:49:
    71:13:56:35:11:13:f6:66:58:23:d9:01:b9:bd:26:
    db:d7:7c:5b:43:e1:0f:70:c7:68:2e:de:25:05:3a:
    72:fb:0c:43:43


Use the key...

$ echo hello world > hello.txt
$ openssl dgst -sha256 -sign my_privatekey.pem hello.txt > hello.sig
$ openssl dgst -sha256 -verify my_publickey.pem -signature hello.sig hello.txt
Verified OK
$ od -t x1 hello.sig
0000000    30  45  02  20  55  5b  3c  3a  ab  2a  5f  70  de  62  a7  32
0000020    19  ea  e1  98  bb  13  1e  a7  00  9a  e4  52  ab  85  74  d8
0000040    c4  b0  4e  98  02  21  00  c0  aa  55  54  83  0f  54  33  f1
0000060    b4  53  fa  e9  f2  94  71  3c  5a  b7  83  a3  76  51  e1  24
0000100    84  d2  8c  41  dc  3d  5c
0000107
$ 

I suggest you not actually USE the public/private keypair provided above
given it is no longer secret.

      -- Mark