Re: [pkix] In-the-wild implementations of RFC6955?

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 26 May 2022 19:22 UTC

Message-ID: <c68951a2-6bbc-30fc-4ceb-832e45618c86@gmail.com>
Date: Thu, 26 May 2022 21:22:25 +0200
To: Michael StJohns <msj@nthpermutation.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, IETF PKIX <pkix@ietf.org>
References: <61955a76-232b-81e0-9fff-afea5cd6790b@nthpermutation.com> <SY4PR01MB6251FD54A917409C51BBCBC2EED79@SY4PR01MB6251.ausprd01.prod.outlook.com> <ef9d463f-5abf-b8d8-16fa-3db7980a767e@nthpermutation.com> <SY4PR01MB6251F64ACF9D954D0D6B5CDFEED99@SY4PR01MB6251.ausprd01.prod.outlook.com> <3134770a-4ebb-671d-7c8b-9945737416fe@gmail.com> <94b64d59-67b7-67ae-658d-fa2c0472ed33@nthpermutation.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
In-Reply-To: <94b64d59-67b7-67ae-658d-fa2c0472ed33@nthpermutation.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/Hd4mZe0Mzl04AfynvwOkPHZh-AE>

On 2022-05-26 19:58, Michael StJohns wrote:
> This looks like a perfectly sane X25519 certificate, signed by what's
> probably a P521 CA.  You could remove the basicConstraints extension,
> but it shouldn't cause any problems being there.
> 
> I'm actually more interested in the CSR you used to get the CA to issue
> the certificate.

As I understand, for a genuine CA solution, RFC6955 would be the proper approach.  I only generated keys locally and called a certificate creation API.

Anders

> 
> Thanks - Mike
> 
> 
> On 5/26/2022 1:42 PM, Anders Rundgren wrote:
>> It seems that things get a bit more challenging with ECDH using X25519
>> keys:
>> https://mta.openssl.org/pipermail/openssl-users/2021-March/013549.html
>>
>> This is (hopefully) a proper ECDH certificate using an X25519 public key:
>>
>>
>>     0: SEQUENCE {
>>     4:   SEQUENCE {
>>     8:     [0] {
>>    10:       INTEGER 2
>>            }
>>    13:     INTEGER  01 80 fb 4a 58 1a
>>    21:     SEQUENCE {
>>    23:       OBJECT IDENTIFIER ecdsa-with-Sha512 (1.2.840.10045.4.3.4)
>>            }
>>    33:     SEQUENCE {
>>    35:       SET {
>>    37:         SEQUENCE {
>>    39:           OBJECT IDENTIFIER commonName (2.5.4.3)
>>    44:           PrintableString 'Test Sub CA'
>>                }
>>              }
>>            }
>>    57:     SEQUENCE {
>>    59:       UTCTime 180101000000
>>    74:       UTCTime 301231235959
>>            }
>>    89:     SEQUENCE {
>>    91:       SET {
>>    93:         SEQUENCE {
>>    95:           OBJECT IDENTIFIER commonName (2.5.4.3)
>>   100:           PrintableString 'Test certificate matching x25519privatekey.pem'
>>                }
>>              }
>>            }
>>   148:     SEQUENCE {
>>   150:       SEQUENCE {
>>   152:         OBJECT IDENTIFIER X25519 (1.3.101.110)
>>              }
>>   157:       BIT STRING, 32 bytes
>>        0000: e9 9a 0c ef 20 58 94 96 0d 9b 1c 05 97 85 13 dc '.... X..........'
>>        0010: cb 42 a1 3b fb ce d5 23 a5 1b 8a 11 7a d5 f0 0c '.B.;...#....z...'
>>            }
>>   192:     [3] {
>>   194:       SEQUENCE {
>>   196:         SEQUENCE {
>>   198:           OBJECT IDENTIFIER basicConstraints (2.5.29.19)
>>   203:           OCTET STRING, encapsulates {
>>   205:             SEQUENCE {
>>                    }
>>                  }
>>                }
>>   207:         SEQUENCE {
>>   209:           OBJECT IDENTIFIER keyUsage (2.5.29.15)
>>   214:           BOOLEAN true
>>   217:           OCTET STRING, encapsulates {
>>   219:             BIT STRING, 5 bits (unused=3) '00001'B
>>                  }
>>                }
>>   223:         SEQUENCE {
>>   225:           OBJECT IDENTIFIER subjectKeyIdentifier (2.5.29.14)
>>   230:           OCTET STRING, encapsulates {
>>   232:             OCTET STRING, 20 bytes
>>        0000: b2 79 b5 8e 62 05 b5 3d e3 7c 6a 54 5e 36 de ae '.y..b..=.|jT^6..'
>>        0010: 02 90 08 98 '....'
>>                  }
>>                }
>>   254:         SEQUENCE {
>>   256:           OBJECT IDENTIFIER authorityKeyIdentifier (2.5.29.35)
>>   261:           OCTET STRING, encapsulates {
>>   263:             SEQUENCE {
>>   265:               [0], 20 bytes
>>        0000: a3 11 65 cf 5d c0 50 a7 4b e5 19 e1 76 7b 54 9a '..e.].P.K...v{T.'
>>        0010: b7 4f 97 8a '.O..'
>>                    }
>>                  }
>>                }
>>              }
>>            }
>>          }
>>   287:   SEQUENCE {
>>   289:     OBJECT IDENTIFIER ecdsa-with-Sha512 (1.2.840.10045.4.3.4)
>>          }
>>   299:   BIT STRING, encapsulates {
>>   303:     SEQUENCE {
>>   306:       INTEGER
>>                01 b7 80 e4 b5 5c 68 90 81 39 15 03 f4 c1 da 08
>>                df 9f 33 db 7b a4 e9 e3 f1 3b 5a ad 99 c3 07 9c
>>                34 b4 09 a8 4a 7c 67 73 dc c2 51 e5 9e 6c 58 de
>>                3e 54 45 47 e0 5d 42 b9 16 26 d5 86 c5 f4 86 3e
>>                61 f2
>>   374:       INTEGER
>>                01 ba d7 5c a2 fa b8 39 6f 14 09 7c ff 55 45 88
>>                9e 9d 9d 4d f3 44 cd de c8 de 92 75 f1 13 fb 54
>>                43 92 5e 90 79 97 66 b9 bf ac 8e 88 b5 19 82 ad
>>                d2 f1 04 e6 4c 94 d1 06 9d 64 8d 50 02 4a fe 48
>>                72 7b
>>            }
>>          }
>>        }
>>
>> Anders
> 
>
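The "sane X25519 certificate" judgement above can be checked mechanically. The following is an added example, not code from the thread: a minimal DER reader that takes the SubjectPublicKeyInfo (offset 148) and the keyUsage extension value (offset 217) from the quoted dump and verifies what an ECDH-only X25519 certificate should carry. It assumes the X25519 OID 1.3.101.110 with absent parameters (RFC 8410) and RFC 5280 KeyUsage bit numbering (keyAgreement = bit 4).

```python
# Added example: sanity-check an X25519 certificate's key and keyUsage (not from the thread).

X25519_OID = bytes.fromhex("2b656e")  # 1.3.101.110 (RFC 8410)
KEY_AGREEMENT_BIT = 4                 # RFC 5280 KeyUsage bit numbering; digitalSignature is bit 0

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element; handles short and long-form lengths."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_spki(spki):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, subjectPublicKey BIT STRING }."""
    tag, body, _ = read_tlv(spki)
    assert tag == 0x30, "SPKI must be a SEQUENCE"
    tag, alg, nxt = read_tlv(body)
    assert tag == 0x30, "AlgorithmIdentifier must be a SEQUENCE"
    oid_tag, oid, oid_end = read_tlv(alg)
    assert oid_tag == 0x06, "algorithm must start with an OID"
    tag, bitstr, _ = read_tlv(body, nxt)
    assert tag == 0x03, "subjectPublicKey must be a BIT STRING"
    # RFC 8410: nothing may follow the OID inside the AlgorithmIdentifier
    return {"oid": oid, "params_absent": oid_end == len(alg),
            "unused_bits": bitstr[0], "key": bitstr[1:]}

def key_usage_bits(ext_value):
    """Decode the KeyUsage BIT STRING (the OCTET STRING content) into the set of asserted bit numbers."""
    tag, body, _ = read_tlv(ext_value)
    assert tag == 0x03, "KeyUsage must be a BIT STRING"
    unused, data = body[0], body[1:]
    return {i for i in range(len(data) * 8 - unused) if data[i // 8] & (0x80 >> (i % 8))}

def check_x25519_cert(spki, key_usage_ext):
    """Return a list of problems; an empty list means the key/usage combination is sane for ECDH."""
    problems, info = [], parse_spki(spki)
    if info["oid"] != X25519_OID:
        problems.append("algorithm is not X25519")
    if not info["params_absent"]:
        problems.append("X25519 AlgorithmIdentifier must have absent parameters")
    if info["unused_bits"] != 0 or len(info["key"]) != 32:
        problems.append("subjectPublicKey must be exactly 32 bytes with no unused bits")
    usage = key_usage_bits(key_usage_ext)
    if usage != {KEY_AGREEMENT_BIT}:  # an X25519 key cannot sign, so no other bit is meaningful
        problems.append(f"keyUsage must be keyAgreement only, got bits {sorted(usage)}")
    return problems

# Constructed from the dump: SPKI at offset 148, keyUsage extension value at offset 217.
SPKI = bytes.fromhex("302a300506032b656e032100"
                     "e99a0cef205894960d9b1c05978513dccb42a13bfbced523a51b8a117ad5f00c")
KEY_USAGE = bytes.fromhex("03020308")  # BIT STRING, 5 bits (unused=3), '00001'B = keyAgreement
```

Running `check_x25519_cert(SPKI, KEY_USAGE)` on the dumped values yields no problems; feeding it a keyUsage that asserts digitalSignature reports the mismatch.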