Re: [openpgp] PKI (RFC 5480) mapping to ECC keys (RFC 6637)

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 18 July 2013 20:18 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA3EF11E81ED for <openpgp@ietfa.amsl.com>; Thu, 18 Jul 2013 13:18:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_45=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E+r7gMbqLJFH for <openpgp@ietfa.amsl.com>; Thu, 18 Jul 2013 13:17:59 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id F03EE11E81A1 for <openpgp@ietf.org>; Thu, 18 Jul 2013 13:17:58 -0700 (PDT)
Received: from [192.168.13.182] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 7D937F948 for <openpgp@ietf.org>; Thu, 18 Jul 2013 16:17:56 -0400 (EDT)
Message-ID: <51E84D72.2010406@fifthhorseman.net>
Date: Thu, 18 Jul 2013 16:17:54 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130630 Icedove/17.0.7
MIME-Version: 1.0
To: openpgp@ietf.org
References: <51E84A3C.8060800@brainhub.org>
In-Reply-To: <51E84A3C.8060800@brainhub.org>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="----enig2UFVHPUNHNEOFCRKHABPH"
Subject: Re: [openpgp] PKI (RFC 5480) mapping to ECC keys (RFC 6637)
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2013 20:18:03 -0000

On 07/18/2013 04:04 PM, Andrey Jivsov wrote:
> 1. Add ID 20 that is ECDH+ECDSA. It will be defined identically to ID 18
> (ECDH), but will also be allowed to perform the signature/verification
> functionality of ID 19 (ECDSA).
> 
> 2. Overload ID 18 to allow ECDSA. One problem here is that it we loose
> the ability to map id-ecDH into ID 18.
> 
> 3. Overload of ID 19 will not work, because it lacks KEK parameters that
> are needed for encryption. Plus, sign-only application are useful for
> regulatory compliance (because it's not encryption).
> 
> I assume that it will be common (or at least possible) to issue end-user
> X.509 certificates for SMIME that are signing+encryption. Thus, even
> though current PKI CA certificates can be mapped to ID 19 based on
> keyUsage flags, we cannot do this in all cases.
> 
> I see #1 as the only perfect solution for the problem. Does anybody have
> any other thought about how to proceed?

Your first proposed solution (#1) seems reasonable to me, and not
without precedent.  It's similar to the asymmetric key IDs allocated for
RSA:

  https://tools.ietf.org/html/rfc4880#section-9.1

      1          - RSA (Encrypt or Sign) [HAC]
      2          - RSA Encrypt-Only [HAC]
      3          - RSA Sign-Only [HAC]

Regards,

	--dkg