Re: [keyassure] publishing the public key

I had received your mails Peter.  Your mail is also available in the archives.

   http://www.ietf.org/mail-archive/web/keyassure/current/msg01846.html

Ilari Liusvaara came up with a format for raw keys in what seems to be C

   http://www.ietf.org/mail-archive/web/keyassure/current/msg01803.html

(though I am not sure that C is progress over ASN.1 for such a specification)

My question is: what do people use now to pass public keys? I know an X509 cert
contains the public key, though I don't know if it can contain ECC keys. 
If it does then there is another simple answer: extract the part of that document
that contains both the type of the key and the details of it, and use that.

So in the XML world the xmldsig spec defines the KeyInfo element 
http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo
which specified the following keys

   * http://www.w3.org/2000/09/xmldsig#DSAKeyValue
   * http://www.w3.org/2000/09/xmldsig#RSAKeyValue
   * http://www.w3.org/2000/09/xmldsig#X509Data
   * http://www.w3.org/2000/09/xmldsig#PGPData
   * http://www.w3.org/2000/09/xmldsig#SPKIData
   * http://www.w3.org/2000/09/xmldsig#MgmtData

So there one could just take the KeyInfo Element, and use that as a document format to place the
keys in. Of course one would remove X509, PGP keys, and one would have to define an xml structure for
elliptic curve keys. I am not recomending this option

So essentially there has to be a way of having a structure a bit more general than the following
that can encode all the needed keys and that is extensible

  RSAPublicKey ::= SEQUENCE {
    modulus           INTEGER,  -- n
    publicExponent    INTEGER   -- e
  }

So there does not seem to be a lack of solutions. The trick I suppose is finding the one that is the most likely to be adopted. I suppose some ASN.1 DER encoding is the one most tools are ready for.

Henry

On 19 Feb 2011, at 02:24, Peter Gutmann wrote:

> [Several of my posts didn't make it to the list, these are re-posts of earlier
> messages]
> 
> Paul Wouters <paul@xelerance.com> writes:
>> On Tue, 15 Feb 2011, Peter Gutmann wrote:
>>>> The public key's type and raw blob will be obtained from DNSSEC, so this is
>>>> no longer required to be conveyed to the client from the server via a PKIX
>>>> certificate or other ASN.1 structures.
>>> 
>>> But what format is the "type and raw blob" in?  You need some way of encoding
>>> it, and if it's not the standard ASN.1 format what are you going to use?
>> 
>> I'm not sure I understand your question.
> 
> A public key contains a number of components and options. For example for ECC
> there are the basic key values p, a, b, G, n, h (or m, f, a, b, G, n, h for
> binary curves), an indication of the underlying field (prime or binary), the
> point format, whether point compression is used, polynomial vs. normal basis,
> whether fixed domain parameters are used, and probably some other stuff I've
> forgotten.  How is all this stuff communicated?
> 
>> The key would encoded in DNS, likely in a format similar to DNSKEY.
> 
> DNSKEY (RFC 3757) just specifies an opaque value labelled "public key".  If
> you mean RFC 4034:
> 
>  RSA/MD5 [RSAMD5]         n      [RFC2537]  NOT RECOMMENDED
>  Diffie-Hellman [DH]      n      [RFC2539]   -
>  DSA/SHA-1 [DSA]          y      [RFC2536]  OPTIONAL
>  Elliptic Curve [ECC]              TBA       -
>  RSA/SHA-1 [RSASHA1]      y      [RFC3110]  MANDATORY
> 
> this (a) ain't gonna cut it because it doesn't cover what's required by TLS
> and (b) requires that your TLS implementation speak DNSSEC (or at least the
> DNSKEY part of DNSSEC) just to get a key. I can't see TLS implementors being
> too enthusiastic about this.
> 
> Peter.
> _______________________________________________
> keyassure mailing list
> keyassure@ietf.org
> https://www.ietf.org/mailman/listinfo/keyassure

Social Web Architect
http://bblfish.net/