Re: [pkix] PKCS #8? Re: Updated EdDSA/Ed25519 PKIX document

Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 11 November 2015 22:59 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Simon Josefsson <simon@josefsson.org>, Anders Rundgren <anders.rundgren.net@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/CXGSveu3xXElG8UupwEIO2sT9no>
Cc: "pkix@ietf.org" <pkix@ietf.org>

Simon Josefsson <simon@josefsson.org> writes:

>Does anyone have thoughts on which approach to use?

Why not use the PKCS #15 format?  PKCS #8 was created for one and only one
algorithm type, RSA.  Since then it's been hacked around repeatedly to support
other algorithms that it was never designed for, and will probably need lots
more hacking around in the future.  The PKCS #15 format OTOH was designed to
support pretty much every known key type out of the box.

PKCS #15 support for EdDSA would consist of adding a new OID to an encoding
table.

Peter.