Re: [pkix] Updated EdDSA/Ed25519 PKIX document

Simon Josefsson <simon@josefsson.org> Thu, 24 September 2015 11:04 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FE651A1ACC; Thu, 24 Sep 2015 04:04:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.551
X-Spam-Level:
X-Spam-Status: No, score=-1.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AhmiTjYff2GS; Thu, 24 Sep 2015 04:04:43 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b0:1:1702::100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E8B21A1B05; Thu, 24 Sep 2015 04:04:42 -0700 (PDT)
Received: from latte.josefsson.org ([155.4.17.3]) (authenticated bits=0) by duva.sjd.se (8.14.4/8.14.4/Debian-4) with ESMTP id t8OB4Tjt012982 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT); Thu, 24 Sep 2015 13:04:30 +0200
From: Simon Josefsson <simon@josefsson.org>
To: "Manger\, James" <James.H.Manger@team.telstra.com>
References: <878u7xtu06.fsf@latte.josefsson.org> <255B9BB34FB7D647A506DC292726F6E13BAE1499A2@WSMSG3153V.srv.dir.telstra.com>
OpenPGP: id=54265E8C; url=http://josefsson.org/54265e8c.txt
X-Hashcash: 1:22:150924:pkix@ietf.org::iaDt6CdqSOa0wwMD:9okn
X-Hashcash: 1:22:150924:james.h.manger@team.telstra.com::UqTr615ggexAQeBH:AEvI
X-Hashcash: 1:22:150924:tls@ietf.org::iEVc5xOz7cFNUBvB:WIGj
Date: Thu, 24 Sep 2015 13:04:28 +0200
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E13BAE1499A2@WSMSG3153V.srv.dir.telstra.com> (James Manger's message of "Thu, 24 Sep 2015 13:23:45 +1000")
Message-ID: <87zj0coz7n.fsf@latte.josefsson.org>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.98.7 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/ampe9kYC3FkaXg-GzVzNiTUFQEc>
Cc: "pkix@ietf.org" <pkix@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [pkix] Updated EdDSA/Ed25519 PKIX document
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2015 11:04:45 -0000

"Manger, James" <James.H.Manger@team.telstra.com> writes:

> Hi Simon, two technical typos:
>
> The example cert in 8.2 has the wrong OID for the signature.
> Cert has { 1 3 101 100 1 } [encoding 06 04 2B656401]
> Text has { 1 3 101 101 }   [encoding 06 03 2B6565]   for id-EdDSASignature

Hi James.  Good catch -- I believe that is a typo in the implementation.
I'll let Nikos fix that, but we'll update the examples in the document.

> OIDs use space-separated (not dot-separated) numbers in ASN.1.
> Section 4:
> Wrong { 1.3.101.100 }
> Right { 1 3 101 100 }
> Section 7
> Wrong { 1.3.101.101 }
> Right { 1 3 101 101 }

Fixed, thank you.

> The cert's notBefore field is a UTCTime value (2-digit year), while
> the notAfter field is a GeneralizedTime value (4-digit year). I don't
> think I has seen that before, but it is valid.

I suspect the logic in GnuTLS to pick one encoding over the other looks
at the date to see if it fits in a UTCTime value or not.  It shouldn't
be related to EdDSA.

/Simon

> --
> James Manger
>
>
> -----Original Message-----
> From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Simon Josefsson
> Sent: Wednesday, 23 September 2015 6:33 PM
> To: pkix@ietf.org; tls@ietf.org
> Subject: [pkix] Updated EdDSA/Ed25519 PKIX document
>
> Hi all,
>
> I have pushed out a new version of the document describing EdDSA public keys, signatures and certificates for PKIX.  The change in -03 include the addition of the prehash mode, test vectors generated by GnuTLS, and a section recommending certain human readable names.
>
> https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-03
>
> I've started a thread to discuss whether it is wortwhile to be able to use the same Ed25519 key for both PureEdDSA mode and HashEdDSA signing, and I'd appreciate feedback on whether people are interested in this and generally if it is a good idea or not.  The complexity involved make me shy away a bit from it, but it is fun to consider.  The thread is here:
> https://moderncrypto.org/mail-archive/curves/2015/000630.html
>
> /Simon
>
> _______________________________________________
> pkix mailing list
> pkix@ietf.org
> https://www.ietf.org/mailman/listinfo/pkix
>