Re: [keyassure] publishing the public key
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 19 February 2011 01:24 UTC
Return-Path: <pgut001@login01.cs.auckland.ac.nz>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 43BB93A6F52 for <keyassure@core3.amsl.com>; Fri, 18 Feb 2011 17:24:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tUnGV0h8-QLH for <keyassure@core3.amsl.com>; Fri, 18 Feb 2011 17:24:01 -0800 (PST)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by core3.amsl.com (Postfix) with ESMTP id EFDDD3A6EDE for <keyassure@ietf.org>; Fri, 18 Feb 2011 17:24:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1298078676; x=1329614676; h=from:to:subject:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20keyassure@ietf.org|Subject:=20Re:=20[keyassure]=20 publishing=20the=20public=20key|Message-Id:=20<E1PqbYp-00 08EI-Dx@login01.fos.auckland.ac.nz>|Date:=20Sat,=2019=20F eb=202011=2014:24:35=20+1300; bh=mjF1W3gMfrsKhVGgIWhvKXLAyDaPO06qqxhUIdez8ug=; b=kR57CqoH1ms1i2C5pWOxe18Ybj4FLmaWTfBnpSQF0bOLHthAZiR1liBL Dc5WE5yIobQ6MB2vQNBO0uJUPH4CSul3oJQvrHzGPQ7ULrYU6dAGjTzVY Y4Nrx+4FMxiXX1G8exr0nqCqYf6r9XBRPVKRnJxuhA065er7amCddyp+5 4=;
X-IronPort-AV: E=Sophos;i="4.62,190,1296990000"; d="scan'208";a="46881848"
X-Ironport-HAT: APP-SERVERS - $RELAYED
X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing
Received: from mf1.fos.auckland.ac.nz ([130.216.33.150]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 19 Feb 2011 14:24:35 +1300
Received: from login01.fos.auckland.ac.nz ([130.216.34.40]) by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1PqbYp-0003lx-Hg for keyassure@ietf.org; Sat, 19 Feb 2011 14:24:35 +1300
Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1PqbYp-0008EI-Dx for keyassure@ietf.org; Sat, 19 Feb 2011 14:24:35 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: keyassure@ietf.org
Message-Id: <E1PqbYp-0008EI-Dx@login01.fos.auckland.ac.nz>
Date: Sat, 19 Feb 2011 14:24:35 +1300
Subject: Re: [keyassure] publishing the public key
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Feb 2011 01:24:02 -0000
[Several of my posts didn't make it to the list, these are re-posts of earlier messages] Paul Wouters <paul@xelerance.com> writes: >On Tue, 15 Feb 2011, Peter Gutmann wrote: >>> The public key's type and raw blob will be obtained from DNSSEC, so this is >>> no longer required to be conveyed to the client from the server via a PKIX >>> certificate or other ASN.1 structures. >> >> But what format is the "type and raw blob" in? You need some way of encoding >> it, and if it's not the standard ASN.1 format what are you going to use? > >I'm not sure I understand your question. A public key contains a number of components and options. For example for ECC there are the basic key values p, a, b, G, n, h (or m, f, a, b, G, n, h for binary curves), an indication of the underlying field (prime or binary), the point format, whether point compression is used, polynomial vs. normal basis, whether fixed domain parameters are used, and probably some other stuff I've forgotten. How is all this stuff communicated? >The key would encoded in DNS, likely in a format similar to DNSKEY. DNSKEY (RFC 3757) just specifies an opaque value labelled "public key". If you mean RFC 4034: RSA/MD5 [RSAMD5] n [RFC2537] NOT RECOMMENDED Diffie-Hellman [DH] n [RFC2539] - DSA/SHA-1 [DSA] y [RFC2536] OPTIONAL Elliptic Curve [ECC] TBA - RSA/SHA-1 [RSASHA1] y [RFC3110] MANDATORY this (a) ain't gonna cut it because it doesn't cover what's required by TLS and (b) requires that your TLS implementation speak DNSSEC (or at least the DNSKEY part of DNSSEC) just to get a key. I can't see TLS implementors being too enthusiastic about this. Peter.
- Re: [keyassure] publishing the public key Henry Story
- [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Martin Rex
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Scott Schmit
- Re: [keyassure] Issue #14 - publishing the public… Warren Kumari
- Re: [keyassure] Issue #14 - publishing the public… Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key Ilari Liusvaara
- Re: [keyassure] publishing the public key Yaron Sheffer
- Re: [keyassure] publishing the public key John Gilmore
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Paul Wouters
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Phillip Hallam-Baker
- Re: [keyassure] publishing the public key Peter Gutmann
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Paul Hoffman
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Henry Story
- Re: [keyassure] publishing the public key Stephen Kent
- Re: [keyassure] publishing the public key Henry Story