[pkix] More fun and games with the Trusted Platform Module
Michael StJohns <msj@nthpermutation.com> Wed, 14 February 2018 01:57 UTC
To: pkix@ietf.org
From: Michael StJohns <msj@nthpermutation.com>
Message-ID: <3a8caf8a-0273-afd2-dc28-09053c36842e@nthpermutation.com>
Date: Tue, 13 Feb 2018 20:56:55 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/I7wxiKgSQBaKkAXDBS8cWUUO-Fk>
Hi - I thought I'd pass on a discovered stupidity.

As part of some playing with TPMs I found out that the endorsement certificate for my personal laptop has an invalid encoding. For some unknown reason, my certificate was mis-encoded with a leading zero byte in the serialNumber field. My best guess is that the manufacturer is mistakenly treating the serialNumber as an OCTET STRING and just plopping down the serial number of the TPM in the body of the INTEGER. Unfortunately, the certificate parsers I'm using barf on this..... I'm having to basically write my own code to handle these...

serial: 02 14 00 04 8f e6 1d 28 82 d3 cd 48 8a b1 30 b9 4f bc 89 28 4b 32

According to the TPM console, this is an Intel TPM, V2.0, spec 11.8.50.3425.

I went looking and I have no contacts with Intel in this space - I'd at least like to make them aware they are screwing up in at least one case. Does anyone have a pointer?

Thanks - Mike
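As an added illustration (not part of the original message or of any TPM vendor's code), the following Python checker decodes a DER INTEGER the way an X.509 serialNumber is encoded, reports the DER minimality violation (X.690 8.3.2) that the leading 0x00 byte above causes, and re-encodes the value minimally. The TLV bytes are the ones quoted in the message; the function names and the other sample inputs are constructed for this example.

```python
"""Strict vs. lenient decoding of a DER INTEGER such as an X.509 serialNumber."""

# Bytes quoted in the message above: tag 02, length 0x14 (20), then content.
TPM_SERIAL_TLV = bytes.fromhex("0214" "00048fe61d2882d3cd488ab130b94fbc89284b32")


def parse_der_integer(tlv: bytes) -> dict:
    """Parse one short-form DER INTEGER TLV.

    Returns the value read leniently (big-endian two's complement) plus the
    list of problems a strict DER / RFC 5280 parser would reject it for.
    """
    if len(tlv) < 2 or tlv[0] != 0x02:
        raise ValueError("not an INTEGER TLV")
    length = tlv[1]
    if length & 0x80:
        # Long-form length never occurs for a serial (at most 20 octets).
        raise ValueError("long-form length not handled in this example")
    content = tlv[2:2 + length]
    if len(content) != length:
        raise ValueError("truncated INTEGER content")

    problems = []
    if length == 0:
        problems.append("empty INTEGER content")
    elif length >= 2:
        # X.690 8.3.2: the first nine bits may not be all zeros or all ones.
        if content[0] == 0x00 and not (content[1] & 0x80):
            problems.append("non-minimal: redundant leading 0x00 byte")
        if content[0] == 0xFF and (content[1] & 0x80):
            problems.append("non-minimal: redundant leading 0xFF byte")

    value = int.from_bytes(content, "big", signed=True) if content else 0
    if value <= 0:
        problems.append("RFC 5280 requires a positive serialNumber")
    if length > 20:
        problems.append("RFC 5280 limits serialNumber to 20 octets")

    return {"value": value, "content": content, "problems": problems}


def minimal_der_integer(value: int) -> bytes:
    """Re-encode a non-negative integer as a minimal DER INTEGER TLV."""
    # (bit_length + 8) // 8 adds exactly one 0x00 octet when the top bit is set,
    # which keeps the value positive without introducing a redundant zero.
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return bytes([0x02, len(body)]) + body
```

Accepting the lenient value is a deliberate choice: the same serial then exists under two byte encodings, so a certificate's DER fingerprint and any byte-exact CRL or database match will differ from a correctly encoded copy.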