Re: [Russ Housley] Fwd: [TLS] Last Call: 'Using OpenPGP keys for TLS authentication' to Experimental RFC (draft-ietf-tls-openpgp-keys)
Werner Koch <wk@gnupg.org> Tue, 27 June 2006 14:41 UTC
From: Werner Koch <wk@gnupg.org>
To: ietf-openpgp@imc.org
Subject: Re: [Russ Housley] Fwd: [TLS] Last Call: 'Using OpenPGP keys for TLS authentication' to Experimental RFC (draft-ietf-tls-openpgp-keys)
References: <sjmlkrihgyq.fsf@cliodev.pgp.com>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Tue, 27 Jun 2006 16:17:18 +0200
In-Reply-To: <sjmlkrihgyq.fsf@cliodev.pgp.com> (Derek Atkins's message of "Tue, 27 Jun 2006 09:21:33 -0400")
Message-ID: <87bqsebs41.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.110006 (No Gnus v0.6)
Hi,

I can't comment on TLS specific things but here are a few minor things:

    1. Introduction
    [...]
    OpenPGP keys (sometimes called OpenPGP certificates), provide security
    services for electronic communications. They are widely deployed,
    especially in electronic mail applications, provide public key
    authentication services, allow distributed key management and can be
    used with a non hierarchical trust model called the "web of trust"
    [WOT].

Because OpenPGP does not define any trust model, a wording like

    ... and allows the use in non hierarchical trust models, for example
    the "Web of Trust" [WOT].

seems better to me.

    [...]
    2.3. Server Certificate
    [...]
    DHE_RSA    RSA public key which can be used for signing.

Shouldn't this say: "RSA public key which can be used for
authentication"? Recall that OpenPGP features a key flag to indicate an
authentication key (0x20).

    [...]
    3. Security Considerations
    As with X.509 ASN.1 formatted keys, OpenPGP keys need specialized
    parsers. Care must be taken to make those parsers safe against
    maliciously modified keys, that could cause arbitrary code execution.

That is superfluous as this is (or well, should be) standard programming
practice. It is in no way special to TLS or OpenPGP.

Salam-Shalom,

   Werner
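The two points raised above, checking the OpenPGP authentication key flag (0x20) and parsing keys defensively, as an added example that is not part of the original mail or of the draft: a bounds-checked Python parser for OpenPGP signature subpackets (RFC 4880 section 5.2.3.1) that extracts the Key Flags subpacket (type 27). The sample byte strings are constructed; the function and class names are my own.

```python
# Added example: parse OpenPGP signature subpackets without ever reading
# past the buffer, then test the Key Flags octet for the authentication bit.

KEY_FLAGS = 27               # Key Flags subpacket type (RFC 4880 5.2.3.21)
FLAG_SIGN = 0x02             # key may be used to sign data
FLAG_AUTHENTICATION = 0x20   # key may be used for authentication (e.g. TLS)


class MalformedSubpacket(ValueError):
    """Raised instead of reading out of bounds on a corrupted key."""


def read_subpacket_length(buf, pos):
    """Decode the 1-, 2- or 5-octet subpacket length starting at pos."""
    if pos >= len(buf):
        raise MalformedSubpacket("truncated length")
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        if pos + 2 > len(buf):
            raise MalformedSubpacket("truncated 2-octet length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > len(buf):
        raise MalformedSubpacket("truncated 5-octet length")
    return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5


def parse_subpackets(buf):
    """Return (type, body) pairs; the length covers the type octet + body."""
    pos, out = 0, []
    while pos < len(buf):
        length, pos = read_subpacket_length(buf, pos)
        if length == 0 or pos + length > len(buf):
            raise MalformedSubpacket("subpacket body exceeds buffer")
        out.append((buf[pos] & 0x7F, bytes(buf[pos + 1:pos + length])))
        pos += length
    return out


def key_flags(buf):
    """First octet of the Key Flags subpacket, or 0 if the key has none."""
    for stype, body in parse_subpackets(buf):
        if stype == KEY_FLAGS and body:
            return body[0]
    return 0


def usable_for_tls_auth(buf):
    return bool(key_flags(buf) & FLAG_AUTHENTICATION)


# Constructed samples: [length=2][type=27][flags]
SAMPLE_AUTH = bytes([0x02, 0x1B, 0x23])       # certify | sign | auth
SAMPLE_SIGN_ONLY = bytes([0x02, 0x1B, 0x02])  # sign only
```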