Re: [pkix] In-the-wild implementations of RFC6955?
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 24 May 2022 06:23 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Michael StJohns <msj@nthpermutation.com>, IETF PKIX <pkix@ietf.org>
Date: Tue, 24 May 2022 06:22:51 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/WLTOU9BUucaBdX-RrEZdn_bBpsE>

Michael StJohns <msj@nthpermutation.com> writes:

>Is anyone aware of
>
>a) implementation of CSR software which can generate requests for ECDH
>certificates

[crickets]

While it's difficult to prove a negative, ECDH certs are just a rerun of DH certificates from 20 years ago, which were supported by exactly nobody [0], so I would assume it's no different for ECDH certs. In addition even if you could somehow generate an (EC)DH cert I'd be even more surprised if you could find anything that knew what to do with it when it saw it.

So just out of curiosity, to help understand the use case since I've never seen one before and it'd be interesting to hear about it, please lie on this couch and tell me why/how you're planning on using these things. And remember, this is for posterity, so be honest — how do ECDH certs make you feel?

Peter.

[0] Well, a few implementations went through the motions of half-hearted token support so they couldn't be accused of being non-standards-compliant, but not much more than that.