Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility-02.txt
"Santosh Chokhani" <SChokhani@cygnacom.com> Wed, 26 August 2009 15:19 UTC
Return-Path: <schokhani@cygnacom.com>
X-Original-To: pkix@core3.amsl.com
Delivered-To: pkix@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D25FD3A6A7B for <pkix@core3.amsl.com>; Wed, 26 Aug 2009 08:19:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.626
X-Spam-Level:
X-Spam-Status: No, score=-4.626 tagged_above=-999 required=5 tests=[AWL=1.420, BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 30TTQ6y7sS+b for <pkix@core3.amsl.com>; Wed, 26 Aug 2009 08:19:52 -0700 (PDT)
Received: from balder-227.proper.com (Balder-227.Proper.COM [192.245.12.227]) by core3.amsl.com (Postfix) with ESMTP id 5C6D93A68E0 for <pkix@ietf.org>; Wed, 26 Aug 2009 08:19:51 -0700 (PDT)
Received: from p03c11o143.symantecmail.net (p03c11o143.symantecmail.net [208.65.144.86]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n7QEgYSw093635 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <ietf-pkix@imc.org>; Wed, 26 Aug 2009 07:42:38 -0700 (MST) (envelope-from schokhani@cygnacom.com)
Received: from unknown [65.242.48.5] (EHLO scygexch1.cygnacom.com) by p03c11o143.symantecmail.net (mxl_mta-5.7.0-7) with ESMTP id ed9459a4.3708812208.128590.00-010.p03c11o143.symantecmail.net (envelope-from <schokhani@cygnacom.com>); Wed, 26 Aug 2009 08:42:38 -0600 (MDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 26 Aug 2009 10:42:34 -0400
Content-class: urn:content-classes:message
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D48CD6E0B@scygexch1.cygnacom.com>
X-MimeOLE: Produced By Microsoft Exchange V6.5
In-Reply-To: <4A946DF7.8040603@ieca.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: I-D Action:draft-ietf-pkix-ocspagility-02.txt
Thread-Index: Acol2GVKw7iScyhST6ajCD1FHYunlgAgvF8g
References: <C6AF9540.3EF9%stefan@aaa-sec.com> <4A8A9E26.50601@ieca.com> <FAD1CF17F2A45B43ADE04E140BA83D48C74697@scygexch1.cygnacom.com> <255B9BB34FB7D647A506DC292726F6E1122AD13F2C@WSMSG3153V.srv.dir.telstra.com> <FAD1CF17F2A45B43ADE04E140BA83D48C7470E@scygexch1.cygnacom.com> <255B9BB34FB7D647A506DC292726F6E1122AD14260@WSMSG3153V.srv.dir.telstra.com> <4A8BF71C.8070502@ieca.com> <024f01ca253b$68aa4d50$39fee7f0$@com> <4A93D2E8.1050309@ieca.com> <FAD1CF17F2A45B43ADE04E140BA83D48CD6D95@scygexch1.cygnacom.com> <4A9421B5.3050503@ieca.com> <FAD1CF17F2A45B43ADE04E140BA83D48CD6DAB@scygexch1.cygnacom.com> <4A9436CC.3050008@ieca.com> <FAD1CF17F2A45B43ADE04E140BA83D48CD6DC0@scygexch1.cygnacom.com> <4A946DF7.8040603@ieca.com>
From: Santosh Chokhani <SChokhani@cygnacom.com>
To: Sean Turner <turners@ieca.com>, Jim Schaad <ietf@augustcellars.com>
X-Spam: [F=0.2000000000; S=0.200(2009071501)]
X-MAIL-FROM: <schokhani@cygnacom.com>
X-SOURCE-IP: [65.242.48.5]
Cc: ietf-pkix@imc.org
Subject: Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility-02.txt
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2009 15:19:53 -0000
If there is impact on existing implementations, I am ok with a new structure. > -----Original Message----- > From: Sean Turner [mailto:turners@ieca.com] > Sent: Tuesday, August 25, 2009 7:04 PM > To: Santosh Chokhani; Jim Schaad > Cc: Stefan Santesson; ietf-pkix@imc.org > Subject: Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt > > Santosh Chokhani wrote: > > Sean, > > > > Thanks. > > > > Should not the draft-ietf-smime-3278bis be revised? > > That's what I'm trying to figure out. Note that this would > also require changes to draft-ietf-pkix-new-asn1. > > > Why would you not allow advertising curved and OIDs you > recognize in > > SMIME capabilities? > > Most, if not all, of it is based on concerns about impacts on > existing implementations. RFC 3278 included SMIMECapabilities for > ecdsa-with-sha1 with NULL parameters. According to RFC 3851, > those NULLs shouldn't have been there, but we didn't notice > this until we started draft-ietf-smime-3278bis. We decided > not to change the parameters to absent for ecdssa-with-sha1 > in draft-ietf-smime-3278bis because it's been out for a long > time and there may be implementations that would be impacted > by the change to absent parameters. > > For the ecdsa-with-sha* algorithms (where * is 224->512) we > decided we'd do the right thing and just leave out the > parameter because there were few (if any) implementations. > > If we're going to advertise the curve for ECDSA, then we > should probably also do the same thing for ECDH/ECMQV. So > we'd need to tweak those parameters to include both a > KeyWrapAlgorithm and the curve. This also impacts > implementations of ECDH and ECMQV that conform to RFC 3278. > > I guess all I'm saying is that are some impacts that don't > just involve publishing a new ID. > > spt > > >> -----Original Message----- > >> From: Sean Turner [mailto:turners@ieca.com] > >> Sent: Tuesday, August 25, 2009 3:09 PM > >> To: Santosh Chokhani; Jim Schaad > >> Cc: Stefan Santesson; ietf-pkix@imc.org > >> Subject: Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt > >> > >> Santosh Chokhani wrote: > >>> Sean, > >>> > >>> As Yogi would say, unless I misunderstand you, you are > >>> misunderstanding me. > >>> > >>> Let us say client wants to signal ECDSA for P256, P521 and > >> RSA PSS for > >>> SHA 224. The S/MIME capabilities sent by the client will > >> be as follows: > >>> SEQUENCE { > >>> SEQUENCE {ecdsa-with-SHA256 OID > >>> secp256r1 OID} > >>> SEQUENCE {ecdsa-with-SHA512 OID > >>> secp521r1 OID} > >>> SEQUENCE {id-RSASSA-PSS OID > >>> [0] sha224Identifier > >>> [1] mgf1SHA24Identifier > >>> [2] INTEGER 20 > >>> [3] INTEGER 1 } > >>> } > >>> > >>> So, you can simply use the signature algorithms and assert > >> parameters, > >>> as opposed to using separate OIDs. > >> I guess I'm not getting it then. My original concern is > that we've > >> got documents that already say what parameters are > associated with an > >> OID. > >> For example, draft-ietf-smime-3278bis (with the RFC > editor) defines > >> SMIMECapabilities for the ECDSA algorithms. The > capability is an OID > >> and parameters are absent. > >> > >> spt > >> > >>>> -----Original Message----- > >>>> From: Sean Turner [mailto:turners@ieca.com] > >>>> Sent: Tuesday, August 25, 2009 1:39 PM > >>>> To: Santosh Chokhani > >>>> Cc: Jim Schaad; Stefan Santesson; ietf-pkix@imc.org > >>>> Subject: Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt > >>>> > >>>> Just so I understand, the proposal is to carry groupings > of algs. > >>>> One would be signature algorithms, one would be hashing > >> algorithms, > >>>> and another is the parameters (i.e., reuse the existing OIDs)? > >>>> > >>>> spt > >>>> > >>>> Santosh Chokhani wrote: > >>>>> I have added Stefan to this. > >>>>> > >>>>> I suspect what Jim Schaad is alluding to the fact that > >> for RSA PSS > >>>>> signature algorithm contains the parameters. Even in light > >>>> of that, > >>>>> the proposed ASN.1 structure will work. The parameters can be > >>>>> repeated in the subject public key algorithm also. The > >>>> relying party > >>>>> (i.e., the OCSP Responder) can only use the parameters > >> from subject > >>>>> public key algorithm in all instances, including RSA PSS. > >>>>> > >>>>> So, either the S/MIME capability or the new ASN.1 work. > >>>>> > >>>>> That said, I have preference for S/MIME capability assuming > >>>> Jim Schaad > >>>>> is in agreement. My rationale for the preference is that > >> we should > >>>>> not define new structures if we do not need to. It also > >> eliminates > >>>>> the confusion in the case of PSS. > >>>>> > >>>>>> -----Original Message----- > >>>>>> From: Sean Turner [mailto:turners@ieca.com] > >>>>>> Sent: Tuesday, August 25, 2009 8:03 AM > >>>>>> To: Jim Schaad > >>>>>> Cc: Santosh Chokhani; ietf-pkix@imc.org > >>>>>> Subject: Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt > >>>>>> > >>>>>> Jim, > >>>>>> > >>>>>> RFC 4055 is the one ID that defines parameters for the > >>>>>> AlgorithmIdentifier. From RFC 4055: "When RSASSA-PSS is > >>>> used in an > >>>>>> AlgorithmIdentifier, the parameters MUST employ the > >>>> RSASSA-PSS-params > >>>>>> syntax. The parameters may be either absent or present > >>>> when used as > >>>>>> subject public key information. The parameters MUST be > >>>> present when > >>>>>> used in the algorithm identifier associated with a > >>>> signature value." > >>>>>> So in it > >>>>>> could still use the structure Stefan has in the most > >>>> current draft. > >>>>>> RSA-PSS parameters include hashAlg, maskGenAlg, > saltLength, and > >>>>>> trailerField. There's no negotiation of parameters so the RFC > >>>>>> doesn't mention what to do in case the values aren't supported. > >>>>>> > >>>>>> I would think the ID should address the general case when > >>>> the server > >>>>>> doesn't support the requested algorithms/parameters and > >>>> whatever we > >>>>>> decide for that case should also apply to this one. > >>>>>> > >>>>>> spt > >>>>>> > >>>>>> Jim Schaad wrote: > >>>>>>> Sean, > >>>>>>> > >>>>>>> What happens with RSA-PSS? It has a set of parameters - > >>>>>> are these parameters to be specified in the algorithm > identifier > >>>>>> field? What happens with fields like salt length if they are > >>>>>> specified? Must you honor that value even though the all > >>>> values must > >>>>>> be supported by validators? > >>>>>>> Or is this really just suppose to be an OID and not have > >>>>>> the parameters. In this case one could not restrict the > >>>> set of hash > >>>>>> values used for RSA-PSS. We did not define things like > >>>> RSA-PSS-sha1. > >>>>>>> Jim > >>>>>>> > >>>>>>> > >>>>>>>> -----Original Message----- > >>>>>>>> From: owner-ietf-pkix@mail.imc.org [mailto:owner-ietf- > >>>>>>>> pkix@mail.imc.org] On Behalf Of Sean Turner > >>>>>>>> Sent: Wednesday, August 19, 2009 5:59 AM > >>>>>>>> To: Santosh Chokhani > >>>>>>>> Cc: ietf-pkix@imc.org > >>>>>>>> Subject: Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> Manger, James H wrote: > >>>>>>>>>> What do you recommend we do: Forego clients stating the > >>>>>> curves or > >>>>>>>>>> define new OIDs? > >>>>>>>>> or allow the OIDs from > subjectPublicKeyInfo.algorithm as well > >>>>>>>> signature OIDs. > >>>>>>>> > >>>>>>>> This was where I was going. > >>>>>>>> > >>>>>>>>> I have not thought about EC curves hard enough to > >> really answer > >>>>>>>> Santosh's > >>>>>>>>> question. > >>>>>>>>> A proper solution would get a bit complex, particularly > >>>> as I don't > >>>>>>>> think there > >>>>>>>>> is an easy (or defined) way to match Alg.Id parameters, > >>>> let alone > >>>>>>>>> the signature-vs-key Alg.Id. issue. > >>>>>>>>> > >>>>>>>>> My gut feeling is that a client providing a list of OIDs > >>>>>> would cover > >>>>>>>> the bulk > >>>>>>>>> of use cases, and the complexity to handle the rest is > >>>>>> unlikely to > >>>>>>>>> be worthwhile. I would specify a very simple syntax with no > >>>>>>>>> parameter- > >>>>>>>> based > >>>>>>>>> matching. > >>>>>>>>> > >>>>>>>>> PreferredSignatureAlgorithms ::= SEQUENCE OF OBEJCT > >>>>>> IDENTIFIER This > >>>>>>>>> is a list of values that the client can support in an OCSP > >>>>>>>> response > >>>>>>>>> Signatue.signatureAlgorithm.algorithm field -- from > >>>> most to least > >>>>>>>> preferred. > >>>>>>>>> If necessary in the future, you could allow SPKI alg OIDs > >>>>>> and/or EC > >>>>>>>> curve OIDs > >>>>>>>>> in the same list. It would not really match the > >>>> semantics of the > >>>>>>>>> preferred-signature-algorithms extension, but it would be > >>>>>> backwardly > >>>>>>>>> compatible (a server expecting only signature OIDs > >> would simply > >>>>>>>> ignore the > >>>>>>>>> non-signature OIDs). > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> P.S. Why is PreferredSignatureAlgorithms a SEQUENCE > >>>> with a single > >>>>>>>> field. This > >>>>>>>>> seems like an unnecessary extra SEQUENCE wrapping -- > >> unless you > >>>>>>>>> might > >>>>>>>> want to > >>>>>>>>> extend the type later, adding more fields. However, in > >>>> that case, > >>>>>>>>> you > >>>>>>>> would > >>>>>>>>> probably just define a new extension. > >>>>>>>>> Perhaps change > >>>>>>>>> >From : PreferredSignatureAlgorithms ::= SEQUENCE { > >> Algorithms > >>>>>>>> SEQUENCE OF > >>>>>>>>> Alg.Id. } > >>>>>>>>> to : PreferredSignatureAlgorithms ::= SEQUENCE OF Alg.Id. > >>>>>>>>> [or to: PreferredSignatureAlgorithms ::= SEQUENCE OF OBJECT > >>>>>>>> IDENTIFIER] > >>>>>>>> > >>>>>>>> How about something like: > >>>>>>>> > >>>>>>>> PreferredSignatureAlgorithms ::= SEQUENCE OF > >>>>>>>> PreferredSignatureAlgorithm > >>>>>>>> > >>>>>>>> PreferredSignatureAlgorithm ::= SEQUENCE { > >>>>>>>> sigIdentifier AlgorithmIdentifier, > >>>>>>>> certIdentifier AlgorithmIdentifier OPTIONAL } > >>>>>>>> > >>>>>>>> sigIdentifier is the identifier the client would like to > >>>>>> see in the > >>>>>>>> signature. e.g., In this AlgorithmIdentifer > >>>> algorithm=ecdsa-with- > >>>>>>>> sha256 > >>>>>>>> and parameters are absent. > >>>>>>>> > >>>>>>>> certIdentifier is the identifier the client would like to > >>>>>> see in the > >>>>>>>> server's certificate that the server uses to sign the OCSP > >>>>>> response. > >>>>>>>> e.g., In this AlgorithmIdentifier > algorithm=id-ecPublicKey and > >>>>>>>> parameters= secp256r1. > >>>>>>>> > >>>>>>>> certIdentifier is optional for those algs that don't need it. > >>>>>>>> > >>>>>>>> With this information the server would be able to easily > >>>> tell what > >>>>>>>> it's being asked to do. Use this algorithm here and this > >>>>>> certificate > >>>>>>>> to do it. > >>>>>>>> > >>>>>>>> spt > >>>>>>>> > >>>>>>>>> James Manger > > > > >
- I-D Action:draft-ietf-pkix-ocspagility-02.txt Internet-Drafts
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Santosh Chokhani
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Sean Turner
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Stefan Santesson
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Stefan Santesson
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Santosh Chokhani
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Stefan Santesson
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Santosh Chokhani
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Stefan Santesson
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Santosh Chokhani
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Stefan Santesson
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Santosh Chokhani
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Sean Turner
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Santosh Chokhani
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Manger, James H
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Santosh Chokhani
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Manger, James H
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Sean Turner
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Sean Turner
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Sean Turner
- RE: I-D Action:draft-ietf-pkix-ocspagility-02.txt Santosh Chokhani
- Re: I-D Action:draft-ietf-pkix-ocspagility-02.txt Stephen Kent
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Jim Schaad
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Santosh Chokhani
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Manger, James H
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Stefan Santesson
- [pkix] I-D Action:draft-ietf-pkix-ocspagility-03.… Stefan Santesson
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Jim Schaad
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Jim Schaad
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Sean Turner
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Santosh Chokhani
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Santosh Chokhani
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Sean Turner
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Santosh Chokhani
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Sean Turner
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Santosh Chokhani
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Sean Turner
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Santosh Chokhani
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Jim Schaad
- Re: [pkix] I-D Action:draft-ietf-pkix-ocspagility… Sean Turner