Re: [keyassure] publishing the public key
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Tue, 15 February 2011 12:16 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 691B83A691B for <keyassure@core3.amsl.com>; Tue, 15 Feb 2011 04:16:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_41=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gcJFDPax8iHU for <keyassure@core3.amsl.com>; Tue, 15 Feb 2011 04:16:06 -0800 (PST)
Received: from emh05.mail.saunalahti.fi (emh05.mail.saunalahti.fi [62.142.5.111]) by core3.amsl.com (Postfix) with ESMTP id 1299A3A6CAE for <keyassure@ietf.org>; Tue, 15 Feb 2011 04:16:06 -0800 (PST)
Received: from saunalahti-vams (vs3-10.mail.saunalahti.fi [62.142.5.94]) by emh05-2.mail.saunalahti.fi (Postfix) with SMTP id 06A9D8C5A3; Tue, 15 Feb 2011 14:16:30 +0200 (EET)
Received: from emh04.mail.saunalahti.fi ([62.142.5.110]) by vs3-10.mail.saunalahti.fi ([62.142.5.94]) with SMTP (gateway) id A0273900B74; Tue, 15 Feb 2011 14:16:30 +0200
Received: from LK-Perkele-VI (a88-112-55-20.elisa-laajakaista.fi [88.112.55.20]) by emh04.mail.saunalahti.fi (Postfix) with ESMTP id 1036241BEE; Tue, 15 Feb 2011 14:16:26 +0200 (EET)
Date: Tue, 15 Feb 2011 14:16:21 +0200
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Paul Wouters <paul@xelerance.com>
Message-ID: <20110215121621.GA19250@LK-Perkele-VI.localdomain>
References: <928BE494-C59D-4FFF-9390-C459A4BC2107@bblfish.net> <20110214124617.GA31136@LK-Perkele-VI.localdomain> <20110215022103.GA2874@odin.mars.sol> <alpine.LFD.1.10.1102142139560.3131@newtla.xelerance.com> <4D59F233.7080708@vpnc.org> <alpine.LFD.1.10.1102150009450.3131@newtla.xelerance.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <alpine.LFD.1.10.1102150009450.3131@newtla.xelerance.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
X-Antivirus: VAMS
Cc: keyassure@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [keyassure] publishing the public key
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Feb 2011 12:16:07 -0000
On Tue, Feb 15, 2011 at 12:12:08AM -0500, Paul Wouters wrote: > > I understand, but there IS a relationship here. With DANE, you have an > alternative to PKIX-TLS. So such a change would affect TLS, but would > require DANE. Similarly, the TLS group could say "we won't add bare > public key because there is no validation for it" and they'd send me > back to DANE. > > So please don't call bare public key out of scope yet. There are actual technical reasons why putting raw TLS keys in DNS is a bad idea. - The problems it causes with TLS library APIs. - The problems it causes with multiple A/AAAA records. - The problem of not being able to use the sceme for client-to-server. You need a new TLS certtype anyway. I say it is much better way to define new raw key TLS certtype and then assure those via DANE. BTW: Here's one format for raw keys (no ASN.1): General conventions: * uint<n> is n-bit (padding by zeroes on most signficant bits of first octet to be next multiple of an octet) big-endian number. * poly<L> is an element of GF(2^L) given in polynomial basis (again padding on most signficant bits of the first octet with zeroes to be next multiple of an octet). struct rawkey_certificate { //TLS HashAlgorithm registry, MUST NOT be 0 (unhashed) nor 1 (MD5). SHOULD //NOT be 2 (SHA-1). uint<8> tls_hash_algorithm; //Key type uint<16> key_type; switch(key_type) { case 0: //RSA uint<16> L_rsa_n; uint<16> L_rsa_e; uint<L_rsa_n> rsa_n; uint<L_rsa_e> rsa_e; case 1: //DSA uint<16> L_dsa_p; uint<8> L_dsa_q; uint<L_dsa_p> dsa_p; uint<L_dsa_p> dsa_g; uint<L_dsa_p> dsa_y; uint<L_dsa_q> dsa_q; case 2...20: //Prime ECDSA public key (see the table of curves). uint<L> ecdsa_Y_x; uint<L> ecdsa_Y_y; case 21...30: //Binary ECDSA public key (see the table of curves). poly<L> ecdsa_Y_x; poly<L> ecdsa_Y_y; //Other key_types to be defined. } } Constraints for certificate length (L_cert) with different keytypes: RSA: L_cert >= 7 + ceil(L_rsa_n / 8) + ceil(L_rsa_e / 8) DSA: L_cert >= 6 + 3 * ceil(L_dsa_p / 8) + ceil(L_dsa_q / 8) fixed-curve ECDSA: L_cert >= 3 + 2 * ceil(L / 8). The reason why I did not define arbitrary ECDSA curves is that PKIX forbids those and defining full elliptic curve format is actually much more involved than just using a slew of ready-made curves (it could be done, just allocate a key_type for that). I didn't do point compression because ECC points are small anyway and unpacking those if p = 4k + 1 (like NIST P-curves have) is a bit nasty. Table of curves: Keytype: Type: L: Curve: -------- ----- -- ------ 2 Prime 192 NIST P-192 3 Prime 224 NIST P-224 4 Prime 256 NIST P-256 5 Prime 384 NIST P-384 6 Prime 521 NIST P-521 7 Prime 160 Brainpool P160r1 8 Prime 192 Brainpool P192r1 9 Prime 224 Brainpool P224r1 10 Prime 256 Brainpool P256r1 11 Prime 320 Brainpool P320r1 12 Prime 384 Brainpool P384r1 13 Prime 512 Brainpool P512r1 14 Prime 160 Brainpool P160t1 15 Prime 192 Brainpool P192t1 16 Prime 224 Brainpool P224t1 17 Prime 256 Brainpool P256t1 18 Prime 320 Brainpool P320t1 19 Prime 384 Brainpool P384t1 20 Prime 512 Brainpool P512t1 21 Binary 163 NIST B-163 22 Binary 233 NIST B-233 23 Binary 271 NIST B-271 24 Binary 409 NIST B-409 25 Binary 571 NIST B-571 26 Binary 163 NIST K-163 27 Binary 233 NIST K-233 28 Binary 271 NIST K-271 29 Binary 409 NIST K-409 30 Binary 571 NIST K-571 [1] (EC)DSA has no indication what hash type is used. -Ilari
- Re: [keyassure] publishing the public key Henry Story
- [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Scott Schmit
- Re: [keyassure] Issue #14 - publishing the public… Warren Kumari
- Re: [keyassure] Issue #14 - publishing the public… Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key John Gilmore
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story