Re: [keyassure] publishing the public key

Paul Wouters <paul@xelerance.com> Mon, 14 February 2011 16:37 UTC

Date: Mon, 14 Feb 2011 11:37:43 -0500
From: Paul Wouters <paul@xelerance.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
In-Reply-To: <E1PoziT-00059Y-F9@login01.fos.auckland.ac.nz>
Message-ID: <alpine.LFD.1.10.1102141133400.3131@newtla.xelerance.com>
References: <E1PoziT-00059Y-F9@login01.fos.auckland.ac.nz>
Cc: keyassure@ietf.org
Subject: Re: [keyassure] publishing the public key
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>

On Tue, 15 Feb 2011, Peter Gutmann wrote:

>> If you want to help writing a bare public key TLS variant, please contact me.
>
> There is no such thing as a "bare public key".  Public keys have complex
> composite structures, and to encode that you need something like ASN.1 (unless
> you want to invent your own format, which is going to make things even
> uglier).  At this point you're duplicating a significant chunk of ASN.1-
> parsing code outside the certificate code that would normally handle it.  This
> does not seem like a good direction to go in.

The public key's type and raw blob will be obtained from DNSSEC, so
this is no longer required to be conveyed to the client from the server
via a PKIX certificate or other ASN.1 structures. No other certificate
information is desired.

Perhaps some other mode is required if the client needs to be
authenticated by the server, but the use we are talking about here is
for unauthenticated clients, e.g. the currently deployed "https" mode
without user certs/credentials.

Paul
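Added example by the editor, not code from either author or from the keyassure work: the same toy RSA public key once as the ASN.1 SubjectPublicKeyInfo a PKIX certificate carries (the structure Peter refers to) and once as the raw exponent-plus-modulus blob of RFC 3110, the DNSKEY wire form (the "type and raw blob" Paul describes), with a check that the key a server presents equals the key fetched from DNS. The DER and blob constants are constructed toy values, not a real key; a production client would also need the DNSSEC validation and the key-type (algorithm number) handling this snippet leaves out.

```python
# Added example: parse an RSA public key from DER SPKI and from an RFC 3110 blob.
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def der_read_tlv(buf, pos, want_tag):
    """Decode one DER TLV at pos, enforcing the tag; return (value, next_pos)."""
    if buf[pos] != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, got {buf[pos]:#x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: N further bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return buf[pos:pos + length], pos + length

def rsa_from_spki(der):
    """(e, n) from a DER SubjectPublicKeyInfo holding an rsaEncryption key."""
    spki, _ = der_read_tlv(der, 0, 0x30)          # SubjectPublicKeyInfo SEQUENCE
    alg, pos = der_read_tlv(spki, 0, 0x30)        # AlgorithmIdentifier SEQUENCE
    oid, _ = der_read_tlv(alg, 0, 0x06)           # OBJECT IDENTIFIER
    if oid != RSA_OID:
        raise ValueError("not an rsaEncryption key")
    bitstr, _ = der_read_tlv(spki, pos, 0x03)     # subjectPublicKey BIT STRING
    if bitstr[0] != 0:
        raise ValueError("unexpected unused bits in BIT STRING")
    rsakey, _ = der_read_tlv(bitstr, 1, 0x30)     # RSAPublicKey SEQUENCE
    n_bytes, pos = der_read_tlv(rsakey, 0, 0x02)  # modulus INTEGER
    e_bytes, _ = der_read_tlv(rsakey, pos, 0x02)  # publicExponent INTEGER
    return int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")

def rsa_from_rfc3110(blob):
    """(e, n) from the RFC 3110 RSA blob: exponent length, exponent, modulus."""
    elen, pos = blob[0], 1
    if elen == 0:                           # length 0 means a 2-byte length follows
        elen, pos = int.from_bytes(blob[1:3], "big"), 3
    e = int.from_bytes(blob[pos:pos + elen], "big")
    n = int.from_bytes(blob[pos + elen:], "big")
    return e, n

def key_matches_dns(spki_der, dns_blob):
    """Does the key a server presented (SPKI) equal the key published in DNS?"""
    return rsa_from_spki(spki_der) == rsa_from_rfc3110(dns_blob)

# Constructed toy values (not a real key): 64-bit modulus 0x7A5B3C1D2E4F6081, e=65537.
SPKI_DER = bytes.fromhex("3023300d06092a864886f70d0101010500031200300f"
                         "02087a5b3c1d2e4f60810203010001")
DNS_BLOB = bytes.fromhex("030100017a5b3c1d2e4f6081")

if __name__ == "__main__":
    print(rsa_from_spki(SPKI_DER), rsa_from_rfc3110(DNS_BLOB))
    print("match:", key_matches_dns(SPKI_DER, DNS_BLOB))
```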