Re: [pkix] In-the-wild implementations of RFC6955?
Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 26 May 2022 19:22 UTC
Message-ID: <c68951a2-6bbc-30fc-4ceb-832e45618c86@gmail.com>
Date: Thu, 26 May 2022 21:22:25 +0200
To: Michael StJohns <msj@nthpermutation.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, IETF PKIX <pkix@ietf.org>
References: <61955a76-232b-81e0-9fff-afea5cd6790b@nthpermutation.com> <SY4PR01MB6251FD54A917409C51BBCBC2EED79@SY4PR01MB6251.ausprd01.prod.outlook.com> <ef9d463f-5abf-b8d8-16fa-3db7980a767e@nthpermutation.com> <SY4PR01MB6251F64ACF9D954D0D6B5CDFEED99@SY4PR01MB6251.ausprd01.prod.outlook.com> <3134770a-4ebb-671d-7c8b-9945737416fe@gmail.com> <94b64d59-67b7-67ae-658d-fa2c0472ed33@nthpermutation.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
In-Reply-To: <94b64d59-67b7-67ae-658d-fa2c0472ed33@nthpermutation.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/Hd4mZe0Mzl04AfynvwOkPHZh-AE>
On 2022-05-26 19:58, Michael StJohns wrote:
> This looks like a perfectly sane X25519 certificate, signed by what's
> probably a P521 CA.  You could remove the basicConstraints extension,
> but it shouldn't cause any problems being there.
>
> I'm actually more interested in the CSR you used to get the CA to issue
> the certificate.

As I understand, for a genuine CA solution, RFC6955 would be the proper approach.
I only generated keys locally and called a certificate creation API.

Anders

>
> Thanks - Mike
>
>
> On 5/26/2022 1:42 PM, Anders Rundgren wrote:
>> It seems that things get a bit more challenging with ECDH using X25519
>> keys:
>> https://mta.openssl.org/pipermail/openssl-users/2021-March/013549.html
>>
>> This is (hopefully) a proper ECDH certificate using an X25519 public key:
>>
>>
>>     0: SEQUENCE {
>>     4:   SEQUENCE {
>>     8:     [0] {
>>    10:       INTEGER 2
>>             }
>>    13:     INTEGER 01 80 fb 4a 58 1a
>>    21:     SEQUENCE {
>>    23:       OBJECT IDENTIFIER ecdsa-with-Sha512 (1.2.840.10045.4.3.4)
>>             }
>>    33:     SEQUENCE {
>>    35:       SET {
>>    37:         SEQUENCE {
>>    39:           OBJECT IDENTIFIER commonName (2.5.4.3)
>>    44:           PrintableString 'Test Sub CA'
>>                 }
>>               }
>>             }
>>    57:     SEQUENCE {
>>    59:       UTCTime 180101000000
>>    74:       UTCTime 301231235959
>>             }
>>    89:     SEQUENCE {
>>    91:       SET {
>>    93:         SEQUENCE {
>>    95:           OBJECT IDENTIFIER commonName (2.5.4.3)
>>   100:           PrintableString 'Test certificate matching x25519privatekey.pem'
>>                 }
>>               }
>>             }
>>   148:     SEQUENCE {
>>   150:       SEQUENCE {
>>   152:         OBJECT IDENTIFIER X25519 (1.3.101.110)
>>               }
>>   157:       BIT STRING, 32 bytes
>>               0000: e9 9a 0c ef 20 58 94 96 0d 9b 1c 05 97 85 13 dc '.... X..........'
>>               0010: cb 42 a1 3b fb ce d5 23 a5 1b 8a 11 7a d5 f0 0c '.B.;...#....z...'
>>             }
>>   192:     [3] {
>>   194:       SEQUENCE {
>>   196:         SEQUENCE {
>>   198:           OBJECT IDENTIFIER basicConstraints (2.5.29.19)
>>   203:           OCTET STRING, encapsulates {
>>   205:             SEQUENCE {
>>                     }
>>                   }
>>                 }
>>   207:         SEQUENCE {
>>   209:           OBJECT IDENTIFIER keyUsage (2.5.29.15)
>>   214:           BOOLEAN true
>>   217:           OCTET STRING, encapsulates {
>>   219:             BIT STRING, 5 bits (unused=3) '00001'B
>>                   }
>>                 }
>>   223:         SEQUENCE {
>>   225:           OBJECT IDENTIFIER subjectKeyIdentifier (2.5.29.14)
>>   230:           OCTET STRING, encapsulates {
>>   232:             OCTET STRING, 20 bytes
>>                     0000: b2 79 b5 8e 62 05 b5 3d e3 7c 6a 54 5e 36 de ae '.y..b..=.|jT^6..'
>>                     0010: 02 90 08 98 '....'
>>                   }
>>                 }
>>   254:         SEQUENCE {
>>   256:           OBJECT IDENTIFIER authorityKeyIdentifier (2.5.29.35)
>>   261:           OCTET STRING, encapsulates {
>>   263:             SEQUENCE {
>>   265:               [0], 20 bytes
>>                       0000: a3 11 65 cf 5d c0 50 a7 4b e5 19 e1 76 7b 54 9a '..e.].P.K...v{T.'
>>                       0010: b7 4f 97 8a '.O..'
>>                     }
>>                   }
>>                 }
>>               }
>>             }
>>           }
>>   287:   SEQUENCE {
>>   289:     OBJECT IDENTIFIER ecdsa-with-Sha512 (1.2.840.10045.4.3.4)
>>           }
>>   299:   BIT STRING, encapsulates {
>>   303:     SEQUENCE {
>>   306:       INTEGER
>>               01 b7 80 e4 b5 5c 68 90 81 39 15 03 f4 c1 da 08
>>               df 9f 33 db 7b a4 e9 e3 f1 3b 5a ad 99 c3 07 9c
>>               34 b4 09 a8 4a 7c 67 73 dc c2 51 e5 9e 6c 58 de
>>               3e 54 45 47 e0 5d 42 b9 16 26 d5 86 c5 f4 86 3e
>>               61 f2
>>   374:       INTEGER
>>               01 ba d7 5c a2 fa b8 39 6f 14 09 7c ff 55 45 88
>>               9e 9d 9d 4d f3 44 cd de c8 de 92 75 f1 13 fb 54
>>               43 92 5e 90 79 97 66 b9 bf ac 8e 88 b5 19 82 ad
>>               d2 f1 04 e6 4c 94 d1 06 9d 64 8d 50 02 4a fe 48
>>               72 7b
>>             }
>>           }
>>         }
>>
>> Anders
>
>
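The certificate in the quoted dump pairs an X25519 SubjectPublicKeyInfo (OID 1.3.101.110) with a critical keyUsage of '00001'B, i.e. keyAgreement only. That is exactly the combination RFC 8410 section 5 requires for id-X25519 keys: keyAgreement must be set, encipherOnly/decipherOnly may be added, and no other bit is allowed. The example below is added here and is not code from any participant in the thread; it is a minimal DER walker that extracts the SPKI algorithm OID and the keyUsage bits and reports any violation of that rule. The sample SPKI and extension bytes are re-encoded from the offsets 150-192 and 207-223 of the dump above (same key bytes and bit string); the second extension, with digitalSignature also set, is a constructed counter-example.

```python
"""Check that an X25519 SubjectPublicKeyInfo is paired with a keyUsage that
RFC 8410 section 5 permits: keyAgreement required, encipherOnly and
decipherOnly optional, every other bit forbidden.  Added example; the
sample bytes are constructed from the certificate dump in the thread."""

from typing import Tuple

ID_X25519 = "1.3.101.110"
ID_CE_KEY_USAGE = "2.5.29.15"

# KeyUsage bit positions as defined in RFC 5280 section 4.2.1.3.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]


def read_tlv(buf: bytes, off: int = 0) -> Tuple[int, bytes, int]:
    """Decode one DER TLV at buf[off]; return (tag, value, next_offset)."""
    tag = buf[off]
    length = buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    value = buf[off:off + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, off + length


def decode_oid(value: bytes) -> str:
    """Turn the content octets of an OBJECT IDENTIFIER into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 octet of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def spki_algorithm(spki: bytes) -> str:
    """Return the dotted algorithm OID from a SubjectPublicKeyInfo."""
    tag, body, _ = read_tlv(spki)          # SubjectPublicKeyInfo SEQUENCE
    assert tag == 0x30
    tag, alg, _ = read_tlv(body)           # AlgorithmIdentifier SEQUENCE
    assert tag == 0x30
    tag, oid, _ = read_tlv(alg)            # algorithm OBJECT IDENTIFIER
    assert tag == 0x06
    return decode_oid(oid)


def decode_key_usage(bitstring: bytes) -> set:
    """Decode the content octets of a KeyUsage BIT STRING into bit names."""
    unused, data = bitstring[0], bitstring[1:]
    nbits = len(data) * 8 - unused
    return {KEY_USAGE_BITS[i] for i in range(min(nbits, len(KEY_USAGE_BITS)))
            if data[i // 8] & (0x80 >> (i % 8))}


def key_usage_from_extension(ext: bytes) -> Tuple[bool, set]:
    """Parse one Extension SEQUENCE; return (critical, set of usage bits)."""
    tag, body, _ = read_tlv(ext)
    assert tag == 0x30
    tag, oid, off = read_tlv(body)
    if decode_oid(oid) != ID_CE_KEY_USAGE:
        raise ValueError("not a keyUsage extension")
    critical = False
    tag, val, off = read_tlv(body, off)
    if tag == 0x01:                        # optional BOOLEAN critical
        critical = val == b"\xff"
        tag, val, off = read_tlv(body, off)
    assert tag == 0x04                     # OCTET STRING wrapping the BIT STRING
    tag, bits, _ = read_tlv(val)
    assert tag == 0x03
    return critical, decode_key_usage(bits)


def check_x25519_usage(spki: bytes, key_usage_ext: bytes) -> list:
    """Return the list of RFC 8410 problems; an empty list means acceptable."""
    if spki_algorithm(spki) != ID_X25519:
        return ["public key is not X25519"]
    _, usage = key_usage_from_extension(key_usage_ext)
    problems = []
    if "keyAgreement" not in usage:
        problems.append("keyAgreement bit missing")
    for name in sorted(usage - {"keyAgreement", "encipherOnly", "decipherOnly"}):
        problems.append(f"{name} not allowed with an X25519 key")
    return problems


# Constructed from the dump: X25519 SPKI with the 32 key bytes at offset 157.
SAMPLE_SPKI = bytes.fromhex(
    "302a300506032b656e032100"
    "e99a0cef205894960d9b1c05978513dc"
    "cb42a13bfbced523a51b8a117ad5f00c"
)
# Constructed from the dump: critical keyUsage, BIT STRING '00001'B (keyAgreement).
SAMPLE_KEY_USAGE_EXT = bytes.fromhex("300e0603551d0f0101ff040403020308")
# Constructed counter-example: '10001'B, digitalSignature plus keyAgreement.
BAD_KEY_USAGE_EXT = bytes.fromhex("300e0603551d0f0101ff040403020388")

if __name__ == "__main__":
    print(check_x25519_usage(SAMPLE_SPKI, SAMPLE_KEY_USAGE_EXT))  # []
    print(check_x25519_usage(SAMPLE_SPKI, BAD_KEY_USAGE_EXT))
```

The walker handles only the structures it needs (definite-length DER, one extension at a time) rather than a whole certificate; in a real validator the same check would run on the SPKI and keyUsage pulled out of the parsed TBSCertificate. The point it makes is the one behind Mike's "perfectly sane" verdict: an X25519 key is a key-agreement key and nothing else, so a keyUsage that also asserts digitalSignature is a misissuance a relying party should reject.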