Re: [media-types] Internet media type application/pkcs8-encrypted; request review

Sean Turner <turners@ieca.com> Sat, 17 October 2015 20:01 UTC

To: Sean Leonard <dev+ietf@seantek.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/media-types/DxKHBQKjKOrgEXioo71oXVFs_08>
Cc: draft-kaliski-pkcs8.all@tools.ietf.org, Russ Housley <housley@vigilsec.com>, "media-types@iana.org" <media-types@iana.org>, draft-turner-asymmetrickeyformat.all@tools.ietf.org, draft-moriarty-pkcs12v1-1.all@tools.ietf.org

Sean,

I guess I’m confused by this request because I thought what we’d agreed was an editorial errata for RFC5958 to address this issue:

OLD:

  .p8 files are sometimes PEM-encoded.  When .p8 files are PEM encoded
  they use the .pem file extension.  PEM encoding is either the Base64
  encoding, from Section 4 of [RFC4648], of the DER-encoded
  EncryptedPrivateKeyInfo sandwiched between:

   -----BEGIN ENCRYPTED PRIVATE KEY-----
   -----END ENCRYPTED PRIVATE KEY-----

NEW:

  The data in .p8 files is sometimes PEM-encoded. When the data in
  .p8 files is PEM encoded, the files use the .pem file extension.   PEM
  encoding is either the Base64 encoding, from Section 4 of [RFC4648],
  of the DER-encoded EncryptedPrivateKeyInfo sandwiched between:

   -----BEGIN ENCRYPTED PRIVATE KEY-----
   -----END ENCRYPTED PRIVATE KEY-----

spt

On Oct 16, 2015, at 11:35, Sean Leonard <dev+ietf@seantek.com> wrote:

> To Media Types reviewers (and to relevant security folks):
> 
> This is a first draft of a registration request for the Internet media type application/pkcs8-encrypted, for PKCS #8 EncryptedPrivateKeyInfo content.
> 
> Feedback is appreciated.
> 
> This registration is consistent with the recent application/pkcs8, application/pkcs10, and application/pkcs12 registrations. The relevant standard, RFC 5958, is primarily a republication of PKCS #8, and does not have its own media type registration in the text.
> 
> Regards,
> 
> Sean
> 
> *****
> 
> Type name: application
> 
> Subtype name: pkcs8-encrypted
> 
> Required parameters: N/A
> 
> Optional parameters: N/A
> 
> Encoding considerations: binary
> 
> Security considerations:
> Carries a cryptographic private key. See Section 6 of RFC 5958.
> EncryptedPrivateKeyInfo PKCS #8 data contains exactly one private key. Poor password choices, weak algorithms, or improper parameter selections (e.g., insufficient salting rounds) will make the confidential payloads much easier to compromise.
> 
> Interoperability considerations:
> PKCS #8 is a widely recognized format for private key information on all modern cryptographic stacks. The encrypted variation in this registration, EncryptedPrivateKeyInfo (Section 3, Encrypted Private Key Info, of RFC 5958, and Section 6 of PKCS #8), is less widely used for exchange than PKCS #12, but it is much simpler to implement. The contents are exactly one private key (with optional attributes), so the possibility for hidden "easter eggs" in the payload such as unexpected certificates or miscellaneous secrets is drastically reduced.
> 
> Published specification:
> PKCS #8 v1.2, November 1993 (republished as RFC 5208, May 2008); RFC 5958, August 2010
> 
> Applications that use this media type:
> Machines, applications, browsers, Internet kiosks, and so on, that support this standard allow a user to import, export, and exercise a single private key.
> 
> Fragment identifier considerations: N/A
> 
> Additional information:
> 
> Deprecated alias names for this type: N/A
> Magic number(s): None.
> File extension(s): .p8e
> Macintosh file type code(s): N/A
> 
> Person & email address to contact for further information:
> Sean Leonard <dev+ietf&seantek.com>
> 
> Intended usage: COMMON
> 
> Restrictions on usage: None.
> 
> Author:
> RSA, EMC, IETF
> 
> Change controller: The IETF
> 
> Provisional registration? (standards tree only): No
> 
>
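
An added example (not part of the original message or of RFC 5958): the PEM framing quoted in the erratum text above, undone in Python, followed by a minimal DER walk of the EncryptedPrivateKeyInfo that reports the encryption algorithm and, for PBES2 with PBKDF2, the iteration count that the registration's security considerations are concerned with. The function names and the sample blob are constructed for illustration; the sample is not a real key.

```python
import base64

BEGIN, END = (f"-----{w} ENCRYPTED PRIVATE KEY-----" for w in ("BEGIN", "END"))
PBES2, PBKDF2 = "1.2.840.113549.1.5.13", "1.2.840.113549.1.5.12"

def pem_to_der(text):  # require the exact labels, then Base64-decode strictly
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an ENCRYPTED PRIVATE KEY PEM block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def tlv(buf, pos=0):  # read one DER element; return (tag, value, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def oid(raw):  # decode OID content octets; the first octet packs two arcs
    arcs, v = [min(raw[0] // 40, 2), raw[0] - 40 * min(raw[0] // 40, 2)], 0
    for b in raw[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))

def inspect_epki(der):  # SEQUENCE { AlgorithmIdentifier, OCTET STRING }
    tag, body, end = tlv(der)
    atag, alg, p = tlv(body)        # encryptionAlgorithm
    dtag, data, p = tlv(body, p)    # encryptedData
    if (tag, atag, dtag) != (0x30, 0x30, 0x04) or end != len(der) or p != len(body):
        raise ValueError("not an EncryptedPrivateKeyInfo")
    _, alg_oid, q = tlv(alg)
    info = {"algorithm": oid(alg_oid), "ciphertext_len": len(data), "iterations": None}
    if info["algorithm"] == PBES2:
        kdf = tlv(tlv(alg, q)[1])[1]         # PBES2-params -> keyDerivationFunc
        _, kdf_oid, r = tlv(kdf)
        if oid(kdf_oid) == PBKDF2:
            kparams = tlv(kdf, r)[1]         # PBKDF2-params: salt, iterationCount, ...
            count = tlv(kparams, tlv(kparams)[2])[1]   # skip salt, read the INTEGER
            info["iterations"] = int.from_bytes(count, "big")
    return info

# Constructed sample (not a real key): PBES2, PBKDF2 with 2048 iterations, AES-256-CBC.
SAMPLE_DER = bytes.fromhex(
    "305d3049" "06092a864886f70d01050d" "303c301b" "06092a864886f70d01050c" "300e"
    "04080102030405060708" "02020800" "301d" "060960864801650304012a" "0410"
    + "aa" * 16 + "0410" + "bb" * 16)
SAMPLE_PEM = f"{BEGIN}\n{base64.encodebytes(SAMPLE_DER).decode()}{END}\n"
```

`inspect_epki(pem_to_der(SAMPLE_PEM))` reports the PBES2 OID and an iteration count of 2048; a file whose label is the unencrypted `PRIVATE KEY` is rejected by `pem_to_der` before any DER is read.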