Re: [pkix] Strawman on EdDSA/Ed25519 for PKIX Certificate/CRLs

Erwann Abalea <eabalea@gmail.com> Tue, 23 June 2015 14:38 UTC

In-Reply-To: <87pp4wka1q.fsf@latte.josefsson.org>
References: <20150601142206.1d7bedc0@latte.josefsson.org> <87pp4wka1q.fsf@latte.josefsson.org>
Date: Tue, 23 Jun 2015 16:38:43 +0200
Message-ID: <CA+i=0E6cWgNd7MHsP56LaVkdGaTKW+=VWamENwOrda+oebtfZQ@mail.gmail.com>
From: Erwann Abalea <eabalea@gmail.com>
To: Simon Josefsson <simon@josefsson.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/2O8Pz5rj6kqnZcrdSfHU1wtQFZQ>
Cc: "<pkix@ietf.org>" <pkix@ietf.org>
Subject: Re: [pkix] Strawman on EdDSA/Ed25519 for PKIX Certificate/CRLs

Hello,


Section 5: EdDSAParameters is an ENUMERATED with (for now) only one value:
"ed25519", which designates a signature algorithm and not a set of public
key parameters. I guess one might want to find "curve25519" and "curve448"
here. Since this type is used with a public key algorithm, naming it with a
signature algorithm might not be suited.

Section 5: the subjectPublicKey BIT STRING seems to contain an additional
OCTET STRING, which isn't necessary at this moment (however, since point
encoding hasn't been decided yet at CFRG, it may change).

Section 6: what is the rationale to define keyUsage values here? I'd drop
this section.

Section 7: signature parameters will be necessary and will be declared
either within the algorithm OID (as is done with ECDSA-with-*), within the
parameters data element, or both (as is done with RSASSA-PSS); right now,
Ed25519 is hardcoded to use SHA512, but you'll have to consider EdDSA with
other hash functions, or different curves (it's not yet decided which hash
function to use with curve448).

Section 7: signature encoding itself must also be defined (or referenced);
for ECDSA, it's a SEQUENCE of 2 INTEGERs; here, it seems that r and s are
concatenated, but it's stated nowhere (maybe draft-josefsson-eddsa-ed25519?)

Section 8: the example certificate doesn't use the EdDSAParameters type to
indicate the curve used.

Section 8: the example certificate doesn't follow section 7 (parameters
MUST be absent).


2015-06-15 22:10 GMT+02:00 Simon Josefsson <simon@josefsson.org>:

> Hi,
>
> I have updated the document a bit.  It appears likely that EdDSA will be
> usable with other parameters than Ed25519, so I made the EdDSA
> parameters an algorithm parameter rather than implied from the OID.
>
> https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-01
>
> An (already outdated) example of an EdDSA X.509 certificate and EdDSA
> public-key is also included, so you can throw it at your ASN.1 parsers.
>
> /Simon


-- 
Erwann.
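
Added example (not part of the original message or of the draft): the Section 7 signature-encoding point in Python, with a strict DER parser for the ECDSA form (SEQUENCE of two INTEGERs) next to the fixed-length split of a raw Ed25519 signature (32-byte encoded point R followed by 32-byte little-endian S, the layout later specified in RFC 8032). Function names are hypothetical and the sample bytes are constructed for illustration.

```python
def _read_tlv(buf, pos):
    """Read one DER TLV at pos (definite lengths only) -> (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal DER length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def _der_uint(value):
    """Decode a DER INTEGER body; reject negative or non-minimal encodings."""
    if not value or value[0] & 0x80:
        raise ValueError("empty or negative INTEGER")
    if len(value) > 1 and value[0] == 0 and not value[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(value, "big")

def parse_ecdsa_sig(der):
    """ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } -> (r, s)."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not exactly one SEQUENCE")
    t1, r, pos = _read_tlv(body, 0)
    t2, s, pos = _read_tlv(body, pos)
    if (t1, t2) != (0x02, 0x02) or pos != len(body):
        raise ValueError("expected exactly two INTEGERs")
    return _der_uint(r), _der_uint(s)

def split_ed25519_sig(sig):
    """Raw Ed25519 signature: no ASN.1 wrapper, fixed 64 bytes -> (R bytes, S int)."""
    if len(sig) != 64:
        raise ValueError("Ed25519 signature must be exactly 64 bytes")
    return sig[:32], int.from_bytes(sig[32:], "little")

# Constructed sample values (not from the draft or any real certificate).
SAMPLE_ECDSA = bytes.fromhex("3008" "02020080" "020201ff")      # r=128, s=511
SAMPLE_ED25519 = bytes(range(32)) + (5).to_bytes(32, "little")  # R=00..1f, S=5
```

The two encodings are not interchangeable: feeding either sample to the other function raises ValueError, which is why the draft has to state which form the signatureValue BIT STRING carries.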