Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add
"Mark D. Baushke" <mdb@juniper.net> Sat, 10 June 2017 19:16 UTC
Return-Path: <mdb@juniper.net>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A6CB129468 for <dcrup@ietfa.amsl.com>; Sat, 10 Jun 2017 12:16:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.022
X-Spam-Level:
X-Spam-Status: No, score=-2.022 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id afYyz6dw7uSG for <dcrup@ietfa.amsl.com>; Sat, 10 Jun 2017 12:16:17 -0700 (PDT)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0126.outbound.protection.outlook.com [104.47.34.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE93B129466 for <dcrup@ietf.org>; Sat, 10 Jun 2017 12:16:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=dIHu5xxyFA1oYbR+j510CepGixks4huB81IqlY/nH7M=; b=fitKZRhm3hqjs6LSJvJI/PmCoV/8bbOtPgPsq7K3keRZr2xHx0JPTd3OX8IHgQvzTXBl3kz+Q1G3fnXrBq1w/CGUe4izQzhhXGrjguHalZZLOs3zxVXkP9mBatfZTzTGpTCEOZa2NY/3fag5t30kQ99TNMF4NskajNurOCe7lNg=
Received: from BY1PR0501CA0035.namprd05.prod.outlook.com (10.162.139.45) by SN1PR05MB1984.namprd05.prod.outlook.com (10.162.132.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1157.9; Sat, 10 Jun 2017 19:16:16 +0000
Received: from DM3NAM05FT028.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::203) by BY1PR0501CA0035.outlook.office365.com (2a01:111:e400:4821::45) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1178.5 via Frontend Transport; Sat, 10 Jun 2017 19:16:16 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.12) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by DM3NAM05FT028.mail.protection.outlook.com (10.152.98.139) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1143.19 via Frontend Transport; Sat, 10 Jun 2017 19:16:15 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Sat, 10 Jun 2017 12:16:03 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v5AJG2TP021469; Sat, 10 Jun 2017 12:16:02 -0700 (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id D61EC1144E; Sat, 10 Jun 2017 12:16:01 -0700 (PDT)
To: John R Levine <johnl@taugh.com>
CC: Eric Rescorla <ekr@rtfm.com>, dcrup@ietf.org
In-Reply-To: <alpine.OSX.2.21.1706101344460.16992@ary.qy>
References: <20170610125545.14232.qmail@ary.lan> <CABkgnnUAJ6ix3pMB_Y792QOCqRSp2qA9oTSyUCbXP_=P5HRwGA@mail.gmail.com> <CABcZeBMAmjVaJCJwB-qZSpTX0aS-oi1mTduHCdLCM33dWj9P-Q@mail.gmail.com> <alpine.OSX.2.21.1706101205270.16559@ary.qy> <CABcZeBM_P4C8xYDmMEbhAbs1tVPVWk6+UgT7vAcktSNtjVyXCg@mail.gmail.com> <alpine.OSX.2.21.1706101211200.16559@ary.qy> <CABcZeBN9r9XdsJVayMcUE03WJv74MOsefVdwb-CdchVbaKdT1Q@mail.gmail.com> <alpine.OSX.2.21.1706101344460.16992@ary.qy>
Comments: In-reply-to: John R Levine <johnl@taugh.com> message dated "Sat, 10 Jun 2017 13:48:28 -0400."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sat, 10 Jun 2017 12:16:01 -0700
Message-ID: <81246.1497122161@eng-mail01.juniper.net>
Sender: mdb@juniper.net
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(979002)(6009001)(39860400002)(39840400002)(39450400003)(39850400002)(39400400002)(39410400002)(2980300002)(189002)(199003)(9170700003)(53416004)(6246003)(6266002)(110136004)(93886004)(7846003)(6392003)(478600001)(189998001)(2950100002)(6916009)(4326008)(305945005)(117636001)(47776003)(55016002)(7126002)(5660300001)(356003)(106466001)(38730400002)(229853002)(50986999)(81166006)(53936002)(76176999)(105596002)(8676002)(54356999)(5003940100001)(54906002)(7696004)(77096006)(86362001)(48376002)(76506005)(575784001)(2810700001)(2906002)(50466002)(8936002)(42262002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR05MB1984; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; MLV:ovrnspm; MX:1; A:1; PTR:InfoDomainNonexistent; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; DM3NAM05FT028; 1:H+Hi90d79dZu/ZMGxmFuyxiBCyJg9bRXmXjlSxezLy+GTh0vM0mgzV332KISKzUpsJ4NfapRIxt8cTKynSQWa7DNnPLE8WxsUUYJ83uFBOLnZi1wF0KVlMs94bWq22VGjBq8knqTZ9M8h2T1TPfEVybQLFDHo/rxx4SWeKodHi7cQLkWpOnNeZmgvNhTiFduN6pamBRtbugcCF3aQJGBvvWs0w+ikG1fBXTzqDjATU6tdeH46iqpzR/B+CRnhbUMuzUccxJprJ8QZMhaZjHFqB+cM7/uqxFoz67CSo7IqNJXJMbo7/HlWJYGRTNxCoD4HRvPZd6Zl8Mb1fX56E5PXdBE1mIdngWoPN0yOrWYzNaoECeYD8xZsuUj3yb7OAfgnWnZNAe3uLLlFvGI4lxHKnrPtJN1JWByAd+FdGdi74qvMv5+uWo5nG91t6sMclND504oBFfKyCjfA/3Qf94+43ji695qs+RVe1LHXqPUFgvsLogid2mi+0L16dC0UtOAWZITIrX8J3NPqu9DyGvnlz1QUGlnmpoIMVUHISPLRJ5K7aCoEkVIv6i4nL92pMdT
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PR05MB1984:
X-MS-Office365-Filtering-Correlation-Id: 7643d704-ab56-46bf-05ac-08d4b0352a97
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:SN1PR05MB1984;
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 3:Mu0m3/fpvW5OtEF9TmDqhdbDk4IaGC7fwYRpT5YdbfufJ5NQdVa0E6t3A9QITRYSduF080oQdmjpn9h4+bcKKJnb2yIdBKOEno7L8Xx+JeFXYa4RJnDhOSlP9Q81f6WAY6pAdFtzWWcb4uFtKo1gXLHDgn2BS+XhLNZ0ubSK/d6fwZXyPCR4P4+JHiFRERIyaGhPyu4rGJPD1+Edsa7YkJ1OUORrRg2UfI4vSJQQY4r4+TZXBaYdrdH6AogK/4EQ6IstFupEbRDVMMeQV7ZttrFcaJOKEjGxDC/zzr+HV1nTNMC3CEwqEmLoylcVWg5txHQb6mLuupopuzPJVwKXkB0dZRsMd1wyB5nF09wyglKVjUa7iXI12LqePgqI/68dLRc9OBvDRNv9ubDxiNhf4X0tW75e4Lzrpo16ZGy/VWZ/L8mVsFk6TVQ9UO+9PlCdJXDXF+Z03Oz/zyI6VHp+7Q==
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 25:CzuLkp0hcMi1HwNuNp8FyFbl80xKKLh7u+EKqY6LhIH/sBuofroZy0EaibltrRuDE5QxuFyfIzgg1LoOYE0mxNSGu+oFfWkhMDrgdpi+q1ggFdGBNPS1fUnEW8dXSVGII/Lk6mN+A9AtEkLcuM8cKW9lDbSj0xdXibbr4pnEPxbYvCK8tubdac4rq50V9qVu1cJr2+tdNXHE+3onvnFXWjX0fikYh7ICMQPXSu6/j4eEvINoLVnRGzYx+IKH2H0s3+DWW6FWxzlwOhkwGTvyGh2SLn9/Ik0JgPkIVwJPp25iWBS+7QeoQMWG9PibK99Sm88d2lXu4wJsi6TOJLV2Ej4PgVp1rItj30NejVZHQDNTd+sqstyDsx9HV4KkljhiTu9gPmLmqBMHWRmCQlsJ2jQQ58LKY8g6jS+2jZaBdq5Og+kBMrxf87ZdyMuLj5B0pA13hUpoZa2cBQXdwPHjnJuxLemHyUiFCk+/L6TyRrA=; 31:otTEK0OIXMaV5U1fhbCHGEOy39x8M5f3YM9s0xM168kiT+d3NnbcBAUtjwYzvRfyVKtREgNFfUobBgyz7n34UDbVK4089AN2rrW93/qQiLl/1f01kz/rd34fvetLwYmdOnYB0IAIDvriMrDUXWtXGoWL2tfLp3e3bdVoOn0zOFz3CpJ0vfmvr7gWxvgbCaME1HCvevawI9hk/wWrdgco4Hi13voQogyiEQxpPHQ/0ijOwlsj+cUKxhRPUew4bfxUS25IcGqxribOyg5DnnOREQ==
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 20:KRYyTgXtTUKVzclFV6KD4xrzkZ1BYO/E4O6xQq5LWw3r0iG9WKDnRDswat8Vfrbjjf8d+SlDTiP8VJrHh9vS0oemfW4gFZ9UlaqYTgXQTU2R2YPutwwTiOUjctGGlP4YC+EgXEgJW8Gyzb/OCfJqeZ6V4Fw4kd2/+Wv4+g5PF/hyUZCOQpzzS3+M1QKmVstDun+Uhp8oKvVUySZD8KU2f7SAnjj9H+MTE3e4Gm1MR3mtuDWU2jFAapovBFag7YtYN2gD2MJxbd5eWkW04PVN5zBu5B6pE7XHjazAKHxeOUfvrzal6kKHIcIYJUGeeyktbbzUqtjjqu6heBgFw+lRQDF3QPKW4THRII8mkdgFLL7ZlHNgqMUWbY2CejczWzSNHkTBNljOv74FZGDvtw6ItilJUuMQioHr5+0f+eIpCj8zmUjg+Yqrsd2GcqT5vREjxIgwrJhN3+2pyklmhLbYZBZ8lQgDnw2Q1jbU22bAQYvvR4PoHtoz7Thit6NQuh8n
X-Microsoft-Antispam-PRVS: <SN1PR05MB1984D402C866ADB55B835651BFCF0@SN1PR05MB1984.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(13018025)(13016025)(3002001)(10201501046)(100000703101)(100105400095)(93006095)(93003095)(6055026)(6041248)(20161123564025)(20161123562025)(20161123560025)(20161123558100)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:SN1PR05MB1984; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:SN1PR05MB1984;
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 4:yR78KkqT/yN/zMj/vCkSC8Tq+v0qIOYr+gFhKU2NCOfs+5PGU08d9yHJ/wE9+yMftsRJJbIc0aRayOIxmCIFcA9zcG61bzzXF+wbnjBn+7gFU7A/oF1nQOWnGiaSRfdf11pJMgSN7pms1kCVyozkbYHCZ0SMkH0h0VQ4TlJpaHidtZl59nLVqdBnCzPFZtlPRIDASgSSyz6TnjbRB7BUGAvGqVzbRu3z9WPqT16AnKi8DAHuJyvfB5pTNPhcA7XYo7kSvPyWCfo8WxEw7QGInCCwj6e73wq4lWBFxZO9xgBbqykTF66jrj5EyIMVIye2lNS3OT/0fe7cWXBfMAjV5HAxzwXhWUwHMINVLCT077xKDxZLfEstDTmr7+KwywF+6EJz4PRh4HYygNrOd8xd4m3/O3U9585t+av7n9C+/lT3SPdmjFWx4WRabxw+AkF70wRfxT2jdSprxqoOjlkfFV7vAPL0Y9+/MadSHZO//w9IlBeqCTOWEu0f9mgxr6UEtMEFwuNuPENqR77J5Rm1Ff1bT3H7PL1t1k4ronv1Dq7J1b1C9CcAIyxuBTvECaa0Br6nWOYLpzzVstVqtLMkkarXQj4AtR5SsCLzjPZDnQ43RNn8BVYYNUxxKEB8nEejLRLmD+ynL3hE1FXwKYAWmkI7uZZEW5/UITUABjvQrbo6nlTyneBfAo2dA21oVUg0sAEpdv2ilr6/ICxM/B29pfCMfcZSPH5P9kPu8dGF7EW0WTpSBQAH3XjLxyVHPc//eXjyRL0gl4W1etZF22IHcFud3aNDkTDQfFNdqWGyJIrmFrkyHeRDVrMJrZ5vlhc8JG9vJNphNhFwJbXIjqsP00H+YhWLvQqtqPgeXlDPksmWduOkcdNo53d/QeftOFO67Gr76F0ExecfD+lKjWvfa9FVIoFoto87TSNCk3jEzr7OsNO15M4CxozACFe40AG0H18CSKAFnIYljMFQvAP1DsZ85mXs0FhMZbqmjT4kfbH6UfSuS1TLTFTjWrOxvkYoCaqHd50NijB91sYhOEE1/rEyt6CiL16zEZH8M0dBlGw5x96kF+AWOGlenGLLhBiIHDteohG/PrSxFj/UpVZR9CUtSvjjCi0kYLFwFG52JehUDO0gFCUXyuIJqY6E991qCS3+NUIK9D3Aa33e9te94+uWUB+4qXHvBZgeioSXDp9ogq0UkS0hk6Wn4GlMjqQm
X-Forefront-PRVS: 0334223192
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 23:ywwfQZYxfev92TjZUapdQ7XLZtvgk3VV0hwg6Qqm9kWJGAXmhs5UXGvb9q9I0uF7tQweJ0OCrgy5aqNGZf1647EHaR8yc7ByPnYajmdMYRFiYk0E+Iba9eyccDMaAofFLngD5wab3Ku16PBKmYuv503kiEmwM5I25Myqu+XwSfQssecq1GZO1aUd3K6NeC1RghF1zO221msIRl35KfeCQTO9IOunZJhRSU1PkpNUAy5AYCP/0IY48+8O++qnK6ev69UJbiTBetmb7RZVQOby2HCwPuLVtM89YMZiH4EA454R00jnat1xzWkhBp56IWUS1Snmzoz5LXbNevduUI7oytKcOEuj0TT+RN6jW7dhXd2DCJjpiplu44199fO61hbor5OMtjGDVsgs7TSzkguMRsfm/Uw1Lk2zRXnyU+wvGT9yklZ1fBoc9BYnZNCxnEp8fLz+p5GiiqlwYnHq6wIRe0DbhxGJLusMm2zAG4s9Ga+7sPrTNbOHo5ykk7dLkKnPN/CEXGb1eKlpZU8oAszSVPRbqnQJ5q6GmzNE0IPxmvkEAELy4MsqDZ6SlYcthZIXwetuXaxgRjr5ACG64WidGrTwya7i4uOAIiyeZIvvq1saJKwM+7e22jVfGmhL7tDaE9TVbuX8rm9v6ROMOu4CyOqanSfMZy1YkqONOgbX63IbsGShZTOvpa0AszB072lVgureolouB+QtXu58EUy6il8F+ZcqgEUXPUbxpJIe6hBeYovPmUGIYEv2PX08BkrBjP1wVZwFHSbv32eKCMT4eGT1r82+om3d+5gRBCHZKT/rM1vmRgYSJlrBTUzMxX3AJkrysiCxJV8dEQVvyMjo8Bj+zw3OdrlYWJmTuohOeKKYFMPyeMbE6S/LWZ7Ut2BEzX5zefRr/P23rZK8/XLlwuQRFEN/OdXN5mjkuoQDWt0Ip/jAbUjRlNvznKasZ9oH7oYFMt6yoRAqsL18dOjYX9EHJbsgiVUkPX9jU29ArPKFRpXNovlZSQ7e4IzZffZXlu/RERUSsGDojpqDgWLrkxFgX8P6mntbIpbdXXjjoS3DhFvmtOfyScBcQl3C64od9zdjkVUpS2BIdQvmImH1mucYYzqN5ZKicQtj36bIiRVsjBR5TupfiHVWN7sKfWHMJLxcyg7JBtYvWtEDaaSXfhaJbR5ZOfnQBuAJyJz8vDQq1wkHZ5KtqvKkyUZW7zEXM+UKsa4WrEvLHGMI+XosEeYJDIS6K/Yw8VgjelVE/nux2OgJiykflw3dqf0e8/tMoP0u5vPoGHIiBRE+0jrcRZnEhQxw9S2xScqWo7ne+xPjOmZhG72/n/SM5Qv8+vQ0fp5y9odq5jYC8xjSO6Q2aPGFWRc4KcZvtxbn9IxOu6FWLftb98S6jA0kI/XtPwZZ
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 6:SRE3Gvxr6KKVqm/vn3UXQZw7B0QVScfg68gaqhtsC5zW8FJ7KSe0l2gAlXj9XOcvQUStx3pqc1kkrlepC1TONW0eZU3T55SIf6mLzMlLtAr9+77cJ0k+u6FgLdQTIoZujy2I71x1KzM3ltLUALr/geiG/Yx5DdZjAIZy+t70Wuj9glNIiVvm4RRAG4LP0YNqxehWp1cwKgDV4j8yVlpL3x6V8jwadPCDUSfWFg3d+9hnw4fEkk4mOAIX0lYnf+7zFf14DSI+PQPTRz55lpuIQsSG8XAuiqPYFv35vzzSkC6bK7SA0fwVq2+ZacMwcf4vbNlemyppuQ6MmVAg9UZiA6USf+F93uyZc1kVUifXr4NPpW22Hzc9tldW1VRAUKSp89WPHS9/k17KAly44JpXSfnoykkBSebw3BFWJjTHADRtoE2aZ/GtwxdHs28IP7k9lGCood60BLJNZKaQv1cYom+5IVbjRzGXYhZsueIKr7Zul/iEX+ToiS2LzgTYKOuRtr8zaTvu1CzjGr5WceKElQuFYoijBr8JyxJ9jef4mkU=
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 5:bPDWc17h+vpWJujdREQVrILOQqHFxGxE181fZuND9HXPTYc2mQHsilc1RZchAoE9pjjDq8K7RsHEx5yQJvD9EIUz5Ac3aJjC3kRy/v8AhmkIXxQD5vyEpYXJ80oTeElapWqrQLerJvnBECKKrxE+Ovk66bMXQl4Rco8Z6giyxaMKbZEX8uDgHywV+zPFczDEMbaEeUcL0NZtYppJLqdJPC1/fwlNP38xQN2Xqs75Z3mEr1lo3ijE1p9QQjAT0zMZ88RboOHVm2UwSkc2DvzGNcKJNxQugUjjv24M19T56sEGZepmkMbGMcW/9Dd3BIvhmNIZbQB8MM7G4HfueD7pyAqsvNnVz9KjpYzbE9zIAPTFFNpGepV0WgEkAf7PX8bN+77Naf/gQm7D6eW6RTaSRBMOTvjPd217Ft78qWmoPn+mEKtrhqSxTqOOXn/Va99aiQ0cmAZiN4PBRqPlYN48BqmcbFIw4iYb8QPOx7ZctN6reFmwup27iByzaU83CTka; 24:mh3tc6Mx9OD/vXKmySfJy1Cf3TWGgmED5VApS1UXfO+DQdGF9F4qAaXSazCpEET0BxUofyezMNT4uYdPEdNAN7rPF8WkGDosjOz7XZE2Ttw=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB1984; 7:QZlF6LqcEnwVo5zt5QWvpTch0DcRvAtxaiIM8M+j6QPkBFiUEQnsagXHeJWAOHaqyik/ptb0U1KDZsDj1kO+GEDZgK1+iGjOzTZvVA9jv5B2XMYN6XusWSet/GEQsuH/idZoTr2dAiLlpwPFW8hpkeuF7OqHMGw9vOMQjy/4G8ElQRK9W2TnepZhVVQg2cY63hvtx9L/QHoRsGMtaDEBf5mV+ULjBh7zd4w/QJqtR4s7U082ZD+hSyBH3bnpQVKoIGQv/8h20YrwrhbW8vq4JZSS8iy32lfTrnlJvzqqpcmH3N8fCikcr8imncpn0insTQ1Du2GpsWMObN5LzJjIig==
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jun 2017 19:16:15.7096 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR05MB1984
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/iFacQ-KJL6UkE4FJ-qH-R0f06V4>
Subject: Re: [Dcrup] Hey, crypto experts, what signing algorithm should we add
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Jun 2017 19:16:20 -0000
For OpenSSL and ECDSA, the following example may help you: $ openssl version OpenSSL 1.0.2l 25 May 2017 $ : Tell OpenSSL what Elliptic Curve you want to use: prime256v1 in this case $ openssl ecparam -out prime256v1-param.pem -name prime256v1 $ cat prime256v1-param.pem -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- $ : Generate a private key based on the prime256v1 $ openssl ecparam -in prime256v1-param.pem -genkey -out my_privatekey.pem $ cat my_privatekey.pem -----BEGIN EC PARAMETERS----- BggqhkjOPQMBBw== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- MHcCAQEEIEwjT+3tXgsoPmQ4dGnVtAzuC03S7HHRiqPxifL0cE8UoAoGCCqGSM49 AwEHoUQDQgAEFTtSp6kPe2fjNNfHiaKGpMYFs19xnj6hTfpdmklxE1Y1ERP2Zlgj 2QG5vSbb13xbQ+EPcMdoLt4lBTpy+wxDQw== -----END EC PRIVATE KEY----- $ openssl ec -in my_privatekey.pem -noout -text read EC key Private-Key: (256 bit) priv: 4c:23:4f:ed:ed:5e:0b:28:3e:64:38:74:69:d5:b4: 0c:ee:0b:4d:d2:ec:71:d1:8a:a3:f1:89:f2:f4:70: 4f:14 pub: 04:15:3b:52:a7:a9:0f:7b:67:e3:34:d7:c7:89:a2: 86:a4:c6:05:b3:5f:71:9e:3e:a1:4d:fa:5d:9a:49: 71:13:56:35:11:13:f6:66:58:23:d9:01:b9:bd:26: db:d7:7c:5b:43:e1:0f:70:c7:68:2e:de:25:05:3a: 72:fb:0c:43:43 ASN1 OID: prime256v1 NIST CURVE: P-256 $ : Generate public key $ openssl ec -in my_privatekey.pem -pubout -out my_publickey.pem read EC key writing EC key $ cat my_publickey.pem -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEFTtSp6kPe2fjNNfHiaKGpMYFs19x nj6hTfpdmklxE1Y1ERP2Zlgj2QG5vSbb13xbQ+EPcMdoLt4lBTpy+wxDQw== -----END PUBLIC KEY----- $ If you look the PEM file contains the following prefix before the "pub:" key $ openssl ec -in my_privatekey.pem -pubout -out my_publickey.der -outform der read EC key writing EC key $ od -t x1 my_publickey.der 0000000 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 06 08 2a 0000020 86 48 ce 3d 03 01 07 03 42 00 04 15 3b 52 a7 a9 0000040 0f 7b 67 e3 34 d7 c7 89 a2 86 a4 c6 05 b3 5f 71 0000060 9e 3e a1 4d fa 5d 9a 49 71 13 56 35 11 13 f6 66 0000100 58 23 d9 01 b9 bd 26 db d7 7c 5b 43 e1 0f 70 c7 0000120 68 2e de 25 05 3a 72 fb 0c 43 43 $ Which decomposes to some front material: 30:59:30:13:06:07:2a:86:48:ce:3d:02:01:06:08:2a: 86:48:ce:3d:03:01:07:03:42:00: followed by the public key: 04:15:3b:52:a7:a9:0f:7b:67:e3:34:d7:c7:89:a2: 86:a4:c6:05:b3:5f:71:9e:3e:a1:4d:fa:5d:9a:49: 71:13:56:35:11:13:f6:66:58:23:d9:01:b9:bd:26: db:d7:7c:5b:43:e1:0f:70:c7:68:2e:de:25:05:3a: 72:fb:0c:43:43 Use the key... $ echo hello world > hello.txt $ openssl dgst -sha256 -sign my_privatekey.pem hello.txt > hello.sig $ openssl dgst -sha256 -verify my_publickey.pem -signature hello.sig hello.txt Verified OK $ od -t x1 hello.sig 0000000 30 45 02 20 55 5b 3c 3a ab 2a 5f 70 de 62 a7 32 0000020 19 ea e1 98 bb 13 1e a7 00 9a e4 52 ab 85 74 d8 0000040 c4 b0 4e 98 02 21 00 c0 aa 55 54 83 0f 54 33 f1 0000060 b4 53 fa e9 f2 94 71 3c 5a b7 83 a3 76 51 e1 24 0000100 84 d2 8c 41 dc 3d 5c 0000107 $ I suggest you not actually USE the public/private keypair provided above given it is no longer secret. -- Mark
- [Dcrup] Hey, crypto experts, what signing algorit… John Levine
- Re: [Dcrup] Hey, crypto experts, what signing alg… Martin Thomson
- Re: [Dcrup] Hey, crypto experts, what signing alg… Eric Rescorla
- Re: [Dcrup] Hey, crypto experts, what signing alg… John R Levine
- Re: [Dcrup] Hey, crypto experts, what signing alg… Eric Rescorla
- Re: [Dcrup] Hey, crypto experts, what signing alg… John R Levine
- Re: [Dcrup] Hey, crypto experts, what signing alg… Martin Thomson
- Re: [Dcrup] Hey, crypto experts, what signing alg… Phillip Hallam-Baker
- Re: [Dcrup] Hey, crypto experts, what signing alg… Eric Rescorla
- Re: [Dcrup] Hey, crypto experts, what signing alg… John R Levine
- Re: [Dcrup] Hey, crypto experts, what signing alg… Salz, Rich
- Re: [Dcrup] Hey, crypto experts, what signing alg… Mark D. Baushke
- Re: [Dcrup] Hey, crypto experts, what signing alg… John R Levine
- Re: [Dcrup] Hey, crypto experts, what signing alg… Salz, Rich
- Re: [Dcrup] Hey, crypto experts, what signing alg… Scott Kitterman
- Re: [Dcrup] Hey, crypto experts, what signing alg… John R Levine
- Re: [Dcrup] Hey, crypto experts, what signing alg… Eric Rescorla
- Re: [Dcrup] Hey, crypto experts, what signing alg… Salz, Rich
- Re: [Dcrup] Hey, crypto experts, what signing alg… Phillip Hallam-Baker
- Re: [Dcrup] Hey, crypto experts, what signing alg… John R Levine
- Re: [Dcrup] Hey, crypto experts, what signing alg… Phillip Hallam-Baker