Re: [pkix] [Technical Errata Reported] RFC4055 (5199)

Russ Housley <housley@vigilsec.com> Wed, 06 December 2017 21:58 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1CDE127977 for <pkix@ietfa.amsl.com>; Wed, 6 Dec 2017 13:58:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id knp5wB9_Da_T for <pkix@ietfa.amsl.com>; Wed, 6 Dec 2017 13:58:15 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92F01126B72 for <pkix@ietf.org>; Wed, 6 Dec 2017 13:58:15 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id BAEC8300670 for <pkix@ietf.org>; Wed, 6 Dec 2017 16:58:14 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id jd6fJEJi929B for <pkix@ietf.org>; Wed, 6 Dec 2017 16:58:10 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 0BCAF300266; Wed, 6 Dec 2017 16:58:09 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <3EE9D837-BBBD-4BF0-8D52-F75E94C54878@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_92A48CAE-9787-44BB-9DB0-9A3C0D5BEA3A"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Wed, 6 Dec 2017 16:58:10 -0500
In-Reply-To: <7FC51BDF-D5E5-4473-9658-BE0F34C1021C@vigilsec.com>
Cc: Jim Schaad <ietf@augustcellars.com>, Burt Kaliski <bkaliski@verisign.com>, Stefan Santesson <stefan@aaa-sec.com>, bernd-2017@eckenfels.net, IETF PKIX <pkix@ietf.org>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, Eric Rescorla <ekr@rtfm.com>
References: <20171205213236.83CB1B81B9E@rfc-editor.org> <7FC51BDF-D5E5-4473-9658-BE0F34C1021C@vigilsec.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/T_78veMWIY8cPSREh91ri7KEhgM>
Subject: Re: [pkix] [Technical Errata Reported] RFC4055 (5199)
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2017 21:58:18 -0000

A minor clarification:

   The pSourceFunc field identifies the source (and possibly the value)
   of the encoding parameters, commonly called P. (Note: it is referred
   to as label L in [P1v2.1], and it is referred to as P throughout [P1v2.0],
   although the ASN.1 structures in both document use the letter “p”.)

Russ


> On Dec 6, 2017, at 10:30 AM, Russ Housley <housley@vigilsec.com> wrote:
> 
> Burt Kaliski observes:
> 
> """
> The text in Sec. 4.1 of RFC4055 including the syntax of RSAES-OAEP-params largely follows Sec. 11.2.1 of RFC2437 (PKCS #1 v2.0), which uses the term “encoding parameters P”, rather than the Sec. A.2.1 of RFC3447 (PKCS #1 v2.1), which uses the term “label L”.  (RFC3560, the CMS profile for these algorithms, similarly follows RFC2437.)
>  
> RFC3447 acknowledges that “In previous versions of this specification, the term ‘encoding parameters’ was used”.  Given that RFC4055 inserts “commonly called” before RFC2437’s “P”, it appears that RFC4055 is attempting to bridge between RFC3447 and RFC2437.
> """
> 
> I observe that RFC 2437, RFC 3447, and RFC 4055 all use the same ASN.1 structure for RSAES-OAEP-params.  While the description of RSAES-OAEP in [P1v2.1] uses "L" instead of "P", this change in terminology did not carry through to the ASN.1 structure.
> 
> I think that this should not be classified as a technical errata.  Perhaps a better text would be:
> 
>    The pSourceFunc field identifies the source (and possibly the value)
>    of the encoding parameters, commonly called P. (Note: it is referred
>    to as label L in Section 7.1.1 of [P1v2.1], and it is referred to as P
>    throughout [P1v2.0] and Section A.2.1 of [P1v2.1].)
> 
>    [P1v2.0] = RFC 2437
> 
> I don’t see an error here, so I think the corrected errata should be approved as editorial.
> 
> Russ
> 
> 
> 
>> On Dec 5, 2017, at 4:32 PM, RFC Errata System <rfc-editor@rfc-editor.org <mailto:rfc-editor@rfc-editor.org>> wrote:
>> 
>> The following errata report has been submitted for RFC4055,
>> "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile".
>> 
>> --------------------------------------
>> You may review the report below and at:
>> http://www.rfc-editor.org/errata/eid5199 <http://www.rfc-editor.org/errata/eid5199>
>> 
>> --------------------------------------
>> Type: Technical
>> Reported by: Bernd Eckenfels <bernd-2017@eckenfels.net>
>> 
>> Section: 4.1
>> 
>> Original Text
>> -------------
>> The pSourceFunc field identifies the source (and possibly the value)
>> of the encoding parameters, commonly called P.
>> 
>> Corrected Text
>> --------------
>> The pSourceFunc field identifies the source (and possibly the value)
>> of the encoding parameters, commonly called P. In the EME-OAEP encoding
>> method [P1v2.1] defines this parameter as label L.
>> 
>> Notes
>> -----
>> There is no place where P is linked to the parameter name L as used in
>> referenced [P1v2.1]
>> 
>> Instructions:
>> -------------
>> This erratum is currently posted as "Reported". If necessary, please
>> use "Reply All" to discuss whether it should be verified or
>> rejected. When a decision is reached, the verifying party  
>> can log in to change the status and edit the report, if necessary. 
>> 
>> --------------------------------------
>> RFC4055 (draft-ietf-pkix-rsa-pkalgs-03)
>> --------------------------------------
>> Title               : Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
>> Publication Date    : June 2005
>> Author(s)           : J. Schaad, B. Kaliski, R. Housley
>> Category            : PROPOSED STANDARD
>> Source              : Public-Key Infrastructure (X.509)
>> Area                : Security
>> Stream              : IETF
>> Verifying Party     : IESG
>