Re: [IPsec] WG Last Call on draft-ietf-ipsecme-oob-pubkey
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 09 April 2013 02:48 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E781C21F8EC1 for <ipsec@ietfa.amsl.com>; Mon, 8 Apr 2013 19:48:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UOiqH5Ml3ukB for <ipsec@ietfa.amsl.com>; Mon, 8 Apr 2013 19:48:16 -0700 (PDT)
Received: from tuna.sandelman.ca (unknown [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) by ietfa.amsl.com (Postfix) with ESMTP id 5925221F8EB2 for <ipsec@ietf.org>; Mon, 8 Apr 2013 19:48:15 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id EE2982016F for <ipsec@ietf.org>; Mon, 8 Apr 2013 22:57:48 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id C5EC8638F7; Mon, 8 Apr 2013 22:47:55 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id B79C8638E8 for <ipsec@ietf.org>; Mon, 8 Apr 2013 22:47:55 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: IPsecme WG <ipsec@ietf.org>
In-Reply-To: <D05A8680-CFD7-4A3E-B679-62060D41946B@vpnc.org>
References: <D05A8680-CFD7-4A3E-B679-62060D41946B@vpnc.org>
X-Mailer: MH-E 8.3; nmh 1.3-dev; XEmacs 21.4 (patch 22)
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Mon, 08 Apr 2013 22:47:55 -0400
Message-ID: <3164.1365475675@sandelman.ca>
Sender: mcr@sandelman.ca
Subject: Re: [IPsec] WG Last Call on draft-ietf-ipsecme-oob-pubkey
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2013 02:48:17 -0000
>>>>> "Paul" == Paul Hoffman <paul.hoffman@vpnc.org> writes: Paul> http://tools.ietf.org/html/draft-ietf-ipsecme-oob-pubkey I have read this document anew. I found the jump in section 3 to: When the certificate encoding type 'Raw Public Key' is used then the Certificate Data only contains the SubjectPublicKeyInfo part of the PKIX certificate. to be confusing on first read. Perhaps this is because I attempt to be as ignorant of PKCS/PKIX stuff as possible. (I admit that I'm a failure at this). I think that it is telling me that it's not just a raw RSA key, which is really the whole point of this exercise, but rather just the SubjectPublicKeyInfo part. I think that this paragraph could be made clearer to people who are trying to avoid knowing anything about PKIX. I followed the reference to draft-ietf-tls-oob-pubkey-07, which I read. I would like to suggest that section 3 more quickly refers to the tls-oob-pubkey Appendix A, and that it say something like: In order to provide a simple and standard way to indicate the key type when the encoding type is 'Raw Public Key', the SubjectPublicKeyInfo structure of the PKIX certificate is used. This is a a very simple encoding, as most of the ASN.1 part can be included literally, and recognized by block comparison. See [draft-ietf-tls-oob-pubkey] Appendix A for a detailed breakdown. In addition, Appendix A has a few examples. (Yes, add a second example... an RSA example.) -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
- [IPsec] WG Last Call on draft-ietf-ipsecme-oob-pu… Paul Hoffman
- Re: [IPsec] WG Last Call on draft-ietf-ipsecme-oo… Michael Richardson
- [IPsec] STRONG NUDGE: WG Last Call on draft-ietf-… Paul Hoffman
- Re: [IPsec] STRONG NUDGE: WG Last Call on draft-i… Yaron Sheffer
- Re: [IPsec] STRONG NUDGE: WG Last Call on draft-i… Cuiyang
- Re: [IPsec] STRONG NUDGE: WG Last Call on draft-i… Tero Kivinen
- Re: [IPsec] STRONG NUDGE: WG Last Call on draft-i… PUTMAN, Tony (Tony)
- Re: [IPsec] WG Last Call on draft-ietf-ipsecme-oo… Tero Kivinen