Re: [Russ Housley] Fwd: [TLS] Last Call: 'Using OpenPGP keys for TLS authentication' to Experimental RFC (draft-ietf-tls-openpgp-keys)
Jon Callas <jon@callas.org> Tue, 27 June 2006 16:29 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FvGRW-0002vR-GA for openpgp-archive@lists.ietf.org; Tue, 27 Jun 2006 12:29:38 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FvGRU-0005ar-VT for openpgp-archive@lists.ietf.org; Tue, 27 Jun 2006 12:29:38 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k5RG2EKZ027906; Tue, 27 Jun 2006 09:02:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k5RG2Eu6027904; Tue, 27 Jun 2006 09:02:14 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k5RG2DKR027894 for <ietf-openpgp@imc.org>; Tue, 27 Jun 2006 09:02:13 -0700 (MST) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (keys.merrymeet.com [63.73.97.166]) (Authenticated sender: jon) by merrymeet.com (Postfix) with ESMTP id 363861AC655 for <ietf-openpgp@imc.org>; Tue, 27 Jun 2006 09:02:11 -0700 (PDT)
Received: from [10.13.252.251] ([212.44.18.222]) by keys.merrymeet.com (PGP Universal service); Tue, 27 Jun 2006 09:02:11 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Tue, 27 Jun 2006 09:02:11 -0700
Mime-Version: 1.0 (Apple Message framework v750)
In-Reply-To: <87bqsebs41.fsf@wheatstone.g10code.de>
References: <sjmlkrihgyq.fsf@cliodev.pgp.com> <87bqsebs41.fsf@wheatstone.g10code.de>
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <C72EBB56-E575-4629-8A92-5436122F4F91@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: [Russ Housley] Fwd: [TLS] Last Call: 'Using OpenPGP keys for TLS authentication' to Experimental RFC (draft-ietf-tls-openpgp-keys)
Date: Tue, 27 Jun 2006 09:02:03 -0700
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.750)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6ffdee8af20de249c24731d8414917d3
On 27 Jun 2006, at 7:17 AM, Werner Koch wrote: > > Hi, > > I can't comment on TLS specific things but here are a few minor > things: > > 1. Introduction > > [...] > > OpenPGP keys (sometimes called OpenPGP certificates), provide > security services for electronic communications. They are widely > deployed, especially in electronic mail applications, provide > public > key authentication services, allow distributed key management > and can > be used with a non hierarchical trust model called the "web of > trust" > [WOT]. > > Because OpenPGP does not define any trust model, a wording like > > ... and allows the use in non hierarchical trust models, for > example the "Web of Trust"[WOT]. > > seems to better to me. > The important thing is that trust models are not part of OpenPGP. I think it should also say, "OpenPGP certificates (often called OpenPGP keys), ..." for reasons I'll state more fully after my comments on Werner's comments. > > [...] > > 2.3. Server Certificate > > [...] > > DHE_RSA RSA public key which can be used for > signing. > > Shouldn't this say: "RSA public key which can be used for > authentication"? Recall that OpenPGP features a key flag to indicate > an authentication key (0x20). > Yes, it should. > > [...] > > 3. Security Considerations > > As with X.509 ASN.1 formatted keys, OpenPGP keys need specialized > parsers. Care must be taken to make those parsers safe against > maliciously modified keys, that could cause arbitrary code > execution. > > That is superfluous as this is (or well, should) be standard > programming practise. It is in no way special to TLS or OpenPGP. > I concur. It might as well have another paragraph as well that says: This RFC specifies the use of data. Improper use of data can cause arbitrary code execution. Care must be taken to prevent this. I think that paragraph can go. ---------- There is one other issue that I think should be cleaned up. It concerns the use of the words, "key" and "certificate." The term "PGP Key" was invented by Whit Diffie, and has a number of desirable characteristics. It's one syllable, it's an easy word to say. However, "PGP Keys" are in fact certificates that contain at least one key and at least one certification. In RFC2440 and beyond, we have used the colloquial term "key" but I think in this document the more precise term "certificate" is called for. Strictly speaking, the objects that TLS is using in this draft is a PGP Certificate with a Public Key Packet (tag 6) or Public Subkey Packet (tag 14) that is enabled for authentication implicitly or explicitly. This is why a little bit of over-precision is called for. I might present you with a single-key OpenPGP certificate that is enabled for authentication with a key flags subpacket. But I might also present you with an OpenPGP certificate that has a subkey with no key flags, which would also be reasonable. So I recommend changing "OpenPGP key" or "OpenPGP public key" to "OpenPGP certificate" throughout the document. It might be good to point out the fact that it can be a subkey. Minimally, one could change the text in 2.3: An OpenPGP public key appearing in the Certificate message will be sent using the binary OpenPGP format. The term public key is used to describe a composition of OpenPGP packets to form a block of data which contains all information needed by the peer. This includes public key packets, user ID packets and all the fields described in section 10.1 of [OpenPGP]. to An OpenPGP certificate appearing in the Certificate message will be sent using the binary OpenPGP format. The term certificate is used to describe a composition of OpenPGP packets to form a block of data which contains all information needed by the peer. This includes public key packets, subkey packets, user ID packets and all the fields described in section 10.1 of [OpenPGP]. That would work just fine and would preserve the virtue of terseness that the present draft has. Jon
- [Russ Housley] Fwd: [TLS] Last Call: 'Using OpenP… Derek Atkins
- Re: [Russ Housley] Fwd: [TLS] Last Call: 'Using O… Werner Koch
- Re: [Russ Housley] Fwd: [TLS] Last Call: 'Using O… Jon Callas