[Mathmesh] pkix-keyinfo content type

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 15 August 2019 19:10 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: mathmesh@ietfa.amsl.com
Delivered-To: mathmesh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D5EE120142; Thu, 15 Aug 2019 12:10:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bp-FKJGTs5gG; Thu, 15 Aug 2019 12:10:17 -0700 (PDT)
Received: from mail-oi1-f182.google.com (mail-oi1-f182.google.com [209.85.167.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77CEB120147; Thu, 15 Aug 2019 12:10:12 -0700 (PDT)
Received: by mail-oi1-f182.google.com with SMTP id p124so3032789oig.5; Thu, 15 Aug 2019 12:10:12 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=llFFtfqY9Rg6kVr5D1wfrBpp+BQ0fsYGOtSKCENjvnQ=; b=Zyb23zqginfBi0TMkhsuedMm4lTTMTvl3Xj23Tidck7yX08CD1i1jW/8zEL8XQvaPn +Bfb0yTJSQplXuTLlJABBsu3cAbDvF3M+i++S/p0qUghXLfjqXurDWgeYswR/8Kz1xlo Y3sqkI9lLPcgfrHB3ETGCF9/mxSMilb0/xMwd5XyW6j079i/PMnHs0YrGOwN4ZHCUw7b 6ObqPk78b0qGdh4dco4b12GjQLm0p1Z1XZksdS1AMmQz1qa36L1MkLEQRNNbFQUeUziz /9uKOx2dTCtCjX3Gh7EDMrGaIk1ggCSWEg4y0nzmX1EI9sQDiuwHl5yRrwNbxDF/MwsG JHBw==
X-Gm-Message-State: APjAAAX7l4j7m0HIQnOMSNCfXnMR4o/Vom6mlnEqElfihCo551mtTGA5 zZoJIpAWhdaRtehNqHa6dZrGpXmhwGtq+AVL6ofjZaB0
X-Google-Smtp-Source: APXvYqz3argZa1CGAVNw+vcXGbQ6D5T3earWKeNZlkoPgA/lZ9Go+MhT69cXPnLxj9YakC6Fk9R5TAJ6us0zNOaTvhs=
X-Received: by 2002:aca:ea45:: with SMTP id i66mr2676398oih.17.1565896211235; Thu, 15 Aug 2019 12:10:11 -0700 (PDT)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 15 Aug 2019 15:10:01 -0400
Message-ID: <CAMm+LwihsbxErHC5MWWxP9zH71HmYCTDRaJaa1K_cEHT-XoP3A@mail.gmail.com>
To: SPASM <SPASM@ietf.org>, mathmesh@ietf.org
Content-Type: multipart/alternative; boundary="0000000000006d0d8005902c9f89"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mathmesh/YXMTYsvLlQR9__Vqy-kGH7EiMXA>
Subject: [Mathmesh] pkix-keyinfo content type
X-BeenThere: mathmesh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <mathmesh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mathmesh>, <mailto:mathmesh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mathmesh/>
List-Post: <mailto:mathmesh@ietf.org>
List-Help: <mailto:mathmesh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mathmesh>, <mailto:mathmesh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 19:10:19 -0000

I just applied for a provisional IANA media type 'pkix-keyinfo' for use in
computing UDF values and it occurs to me that I should make LAMPS aware of
the proposed use.

The spec is available here:

https://tools.ietf.org/html/draft-hallambaker-mesh-udf-05
http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html#n-pkix-certificates-and-keys


I strongly recommend using the second version as it uses the new HTML RFC
format to rended superscripts and subscripts etc.

In brief, the idea is to allow a single fingerprint format to be used to
encode any content type without semantic substitution attacks. So to take
the digest of a public key, we first generate the PKIX SubjectPublicKeyInfo
 :

   SubjectPublicKeyInfo  ::=  SEQUENCE  {

        algorithm            AlgorithmIdentifier,

        subjectPublicKey     BIT STRING  }

Then we take this octet stream <SubjectPublicKeyInfo> and calculate:

H ( "application/pkix-keyinfo:" + H(<SubjectPublicKeyInfo>) )

Where + is concatenation.

The reason the new content type is required is that there has not been an
application that would make use of a SubjectPublicKeyInfo fragment in
isolation before.