Re: [IPsec] [Editorial Errata Reported] RFC7427 (4295)
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 24 March 2015 16:02 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0B321A900A for <ipsec@ietfa.amsl.com>; Tue, 24 Mar 2015 09:02:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ccnd-roZbGhE for <ipsec@ietfa.amsl.com>; Tue, 24 Mar 2015 09:02:53 -0700 (PDT)
Received: from mail-la0-x22a.google.com (mail-la0-x22a.google.com [IPv6:2a00:1450:4010:c03::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30F891B2E5C for <ipsec@ietf.org>; Tue, 24 Mar 2015 09:01:09 -0700 (PDT)
Received: by lagg8 with SMTP id g8so163269842lag.1 for <ipsec@ietf.org>; Tue, 24 Mar 2015 09:01:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=N9r7QdeWk/nQ8xY6GGUOvnPjU93/PYCP+ReCXqLc0CQ=; b=PoBkZUHWzpDAWoJgR1y/b5MICMi4hRU3pNyO0RsIO3i4uQzwSJHk6jkqfRV2lmAV6r PMFZXWrpe1w18ruT14xoUaE6aDFgIEmVCex4qZIBE+OwudwsX5zhIlSzIGbIw2QIsDDy 0tk8LcqO2LylabPF/LNi1Qh176xh2N2u+P2BmL17Qj4zX2HR7351XEwEub3dWyjIi+0U y1gtOGFP0clWWcqfY1arsDYN5cwZpz/E3PSvWFBUG9DCFcgQk7+0N21HlDETYdAJMpQ6 VCWCH7RmLKJguGujAd5gnEWQMCYkWDmQzKPy+Fn3S77akGkwmhMz7APjncAnqigiFtEx TAig==
MIME-Version: 1.0
X-Received: by 10.112.218.5 with SMTP id pc5mr4586910lbc.32.1427212867584; Tue, 24 Mar 2015 09:01:07 -0700 (PDT)
Received: by 10.112.167.101 with HTTP; Tue, 24 Mar 2015 09:01:07 -0700 (PDT)
In-Reply-To: <21777.35077.256865.60502@fireball.kivinen.iki.fi>
References: <20150310100921.959FD180207@rfc-editor.org> <21777.35077.256865.60502@fireball.kivinen.iki.fi>
Date: Tue, 24 Mar 2015 12:01:07 -0400
Message-ID: <CAHbuEH58jRdR4QJk_B9N=dKc59_ixaYVQhKyvzey_0+gf-Vz7w@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Tero Kivinen <kivinen@iki.fi>
Content-Type: multipart/alternative; boundary="001a11c322f6fdca1e05120ae3ae"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/3eK5i6Us6eMAM5ypR9rE331hqrs>
Cc: a.yousar@informatik.hu-berlin.de, Paul Hoffman <paul.hoffman@vpnc.org>, "ipsec@ietf.org" <ipsec@ietf.org>, RFC Errata System <rfc-editor@rfc-editor.org>, Joel Snyder <jms@opus1.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [IPsec] [Editorial Errata Reported] RFC7427 (4295)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2015 16:02:56 -0000
Thanks for your review of this errata report. As I read your response, this should be rejected. If a note like you suggest might be added, "We could add note saying that format A.4.1 MUST be used when generating the RSASSA-PSS with default parameters, but A.4.2 can also be recognized." should be added, then I think that should be in a separate editorial errata and this one should be rejected. Does that sound good? Thanks. On Tue, Mar 24, 2015 at 11:55 AM, Tero Kivinen <kivinen@iki.fi> wrote: > RFC Errata System writes: > > The following errata report has been submitted for RFC7427, > > "Signature Authentication in the Internet Key Exchange Version 2 > (IKEv2)". > > > > -------------------------------------- > > You may review the report below and at: > > http://www.rfc-editor.org/errata_search.php?rfc=7427&eid=4295 > > > > -------------------------------------- > > Type: Editorial > > Reported by: Annie Yousar <a.yousar@informatik.hu-berlin.de> > > > > Section: A.4.2 > > > > Original Text > > ------------- > > Here the parameters are present and contain the default parameters, > > i.e., hashAlgorithm of SHA-1, maskGenAlgorithm of mgf1SHA1, > > saltLength of 20, and trailerField of 1. > > > > 0000 : SEQUENCE > > 0002 : OBJECT IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1.10) > > 000d : SEQUENCE > > 000f : CONTEXT 0 > > 0011 : SEQUENCE > > 0013 : OBJECT IDENTIFIER id-sha1 (1.3.14.3.2.26) > > 001a : NULL > > 001c : CONTEXT 1 > > 001e : SEQUENCE > > 0020 : OBJECT IDENTIFIER 1.2.840.113549.1.1.8 > > 002b : SEQUENCE > > 002d : OBJECT IDENTIFIER id-sha1 (1.3.14.3.2.26) > > 0034 : NULL > > 0036 : CONTEXT 2 > > 0038 : INTEGER 0x14 (5 bits) > > 003b : CONTEXT 3 > > 003d : INTEGER 0x1 (1 bits) > > > > Name = RSASSA-PSS with default parameters, > > oid = 1.2.840.113549.1.1.10 > > Length = 64 > > 0000: 303e 0609 2a86 4886 f70d 0101 0a30 31a0 > > 0010: 0b30 0906 052b 0e03 021a 0500 a118 3016 > > 0020: 0609 2a86 4886 f70d 0101 0830 0906 052b > > 0030: 0e03 021a 0500 a203 0201 14a3 0302 0101 > > > > > > > > Corrected Text > > -------------- > > If the default parameters are used, i.e., hashAlgorithm of SHA-1, > > maskGenAlgorithm of mgf1SHA1, saltLength of 20, and trailerField > > of 1, the parameters MUST NOT be encoded according to the > > Distiguished Encoding Rules (DER) of ASN.1. Therefore the encoding > > is the same as of A.4.1. > > Not true. In the RFC 4055 the section 3.1 says that even when the > default values are used the implementation MUST understand both > formats, i.e. the case where the default value is omitted and the case > where the default value is explictly given: > > From RFC4055 section 3.1: > > hashAlgorithm > > The hashAlgorithm field identifies the hash function. It MUST > be one of the algorithm identifiers listed in Section 2.1, and > the default hash function is SHA-1. Implementations MUST > support SHA-1 and MAY support any of the other one-way hash > functions listed in Section 2.1. Implementations that perform > signature generation MUST omit the hashAlgorithm field when > SHA-1 is used, indicating that the default algorithm was used. > Implementations that perform signature validation MUST > recognize both the sha1Identifier algorithm identifier and an > absent hashAlgorithm field as an indication that SHA-1 was > used. > > In this case we are not actually doing either one of those options, we > are not generating signature, and we are not validating them. In this > document we are simply indicating what kind of signature will follows > this binary blob. Yes, when generating those ASN.1 objects for default > values implementations should use the A.4.1 version, but they might > also want to understand the version specified in the A.4.2. > > Note, that in some cases the implementations might simply take the > AlgorithmIdentifier pieces from their own cerificate and not generate > it at all, and this might cause them to take whatever the CA vendor > generated for them. > > Actually when checking for the RFC4055 I notice it says that same > thing (MUST omit in generate, MUST recognize both) for everything else > (hashAlgorithm, maskGenAlgorithm, and trailerField) expect for > saltLength... I do not know if this means that for saltLength we > should actually not encode the default as number or if this is just > sloppy writing of the RFC4055... > > > 0000 : SEQUENCE > > 0002 : OBJECT IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1.10) > > 000d : SEQUENCE > > > > Name = RSASSA-PSS with default parameters, > > oid = 1.2.840.113549.1.1.10 > > Length = 15 > > 0000: 300d 0609 2a86 4886 f70d 0101 0a30 00 > > > > > > Notes > > ----- > > Section 3 requires the use of DER: > > The ASN.1 used here is the same ASN.1 used in the AlgorithmIdentifier of > PKIX (see Section 4.1.1.2 of [RFC5280]), encoded using distinguished > encoding rules (DER) [CCITT.X690.2002]. > > Yes, when generating them they needs to be in DER, when matching the > values sent from the other end, the matching can be looser. > > We could add note saying that format A.4.1 MUST be used when > generating the RSASSA-PSS with default parameters, but A.4.2 can also > be recognized. > > If the implementation has real ASN.1 parser this is exactly what it > will do automatically. > -- > kivinen@iki.fi > -- Best regards, Kathleen
- [IPsec] [Editorial Errata Reported] RFC7427 (4295) Tero Kivinen
- Re: [IPsec] [Editorial Errata Reported] RFC7427 (… Kathleen Moriarty
- Re: [IPsec] [Editorial Errata Reported] RFC7427 (… Tero Kivinen
- [IPsec] [Errata Rejected] RFC7427 (4295) RFC Errata System
- [IPsec] [Errata Rejected] RFC7427 (4295) RFC Errata System
- [IPsec] [Editorial Errata Reported] RFC7427 (4295) RFC Errata System