Re: [pkix] In-the-wild implementations of RFC6955?

Michael StJohns <msj@nthpermutation.com> Thu, 26 May 2022 17:58 UTC

To: Anders Rundgren <anders.rundgren.net@gmail.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, IETF PKIX <pkix@ietf.org>
References: <61955a76-232b-81e0-9fff-afea5cd6790b@nthpermutation.com> <SY4PR01MB6251FD54A917409C51BBCBC2EED79@SY4PR01MB6251.ausprd01.prod.outlook.com> <ef9d463f-5abf-b8d8-16fa-3db7980a767e@nthpermutation.com> <SY4PR01MB6251F64ACF9D954D0D6B5CDFEED99@SY4PR01MB6251.ausprd01.prod.outlook.com> <3134770a-4ebb-671d-7c8b-9945737416fe@gmail.com>
From: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <3134770a-4ebb-671d-7c8b-9945737416fe@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/hpJahM6UdTmH_3HtuynscWyBuIU>
Subject: Re: [pkix] In-the-wild implementations of RFC6955?

This looks like a perfectly sane X25519 certificate, signed by what's 
probably a P521 CA.  You could remove the basicConstraints extension, 
but it shouldn't cause any problems being there.

I'm actually more interested in the CSR you used to get the CA to issue 
the certificate.

Thanks - Mike


On 5/26/2022 1:42 PM, Anders Rundgren wrote:
> It seems that things get a bit more challenging with ECDH using X25519 
> keys:
> https://mta.openssl.org/pipermail/openssl-users/2021-March/013549.html
>
> This is (hopefully) a proper ECDH certificate using an X25519 public key:
>
>
>    0: SEQUENCE {
>    4:   SEQUENCE {
>    8:     [0] {
>   10:       INTEGER 2
>           }
>   13:     INTEGER  01 80 fb 4a 58 1a
>   21:     SEQUENCE {
>   23:       OBJECT IDENTIFIER ecdsa-with-Sha512 (1.2.840.10045.4.3.4)
>           }
>   33:     SEQUENCE {
>   35:       SET {
>   37:         SEQUENCE {
>   39:           OBJECT IDENTIFIER commonName (2.5.4.3)
>   44:           PrintableString 'Test Sub CA'
>               }
>             }
>           }
>   57:     SEQUENCE {
>   59:       UTCTime 180101000000
>   74:       UTCTime 301231235959
>           }
>   89:     SEQUENCE {
>   91:       SET {
>   93:         SEQUENCE {
>   95:           OBJECT IDENTIFIER commonName (2.5.4.3)
>  100:           PrintableString 'Test certificate matching x25519privatekey.pem'
>               }
>             }
>           }
>  148:     SEQUENCE {
>  150:       SEQUENCE {
>  152:         OBJECT IDENTIFIER X25519 (1.3.101.110)
>             }
>  157:       BIT STRING, 32 bytes
>       0000: e9 9a 0c ef 20 58 94 96 0d 9b 1c 05 97 85 13 dc '.... X..........'
>       0010: cb 42 a1 3b fb ce d5 23 a5 1b 8a 11 7a d5 f0 0c '.B.;...#....z...'
>           }
>  192:     [3] {
>  194:       SEQUENCE {
>  196:         SEQUENCE {
>  198:           OBJECT IDENTIFIER basicConstraints (2.5.29.19)
>  203:           OCTET STRING, encapsulates {
>  205:             SEQUENCE {
>                   }
>                 }
>               }
>  207:         SEQUENCE {
>  209:           OBJECT IDENTIFIER keyUsage (2.5.29.15)
>  214:           BOOLEAN true
>  217:           OCTET STRING, encapsulates {
>  219:             BIT STRING, 5 bits (unused=3) '00001'B
>                 }
>               }
>  223:         SEQUENCE {
>  225:           OBJECT IDENTIFIER subjectKeyIdentifier (2.5.29.14)
>  230:           OCTET STRING, encapsulates {
>  232:             OCTET STRING, 20 bytes
>       0000: b2 79 b5 8e 62 05 b5 3d e3 7c 6a 54 5e 36 de ae '.y..b..=.|jT^6..'
>       0010: 02 90 08 98 '....'
>                 }
>               }
>  254:         SEQUENCE {
>  256:           OBJECT IDENTIFIER authorityKeyIdentifier (2.5.29.35)
>  261:           OCTET STRING, encapsulates {
>  263:             SEQUENCE {
>  265:               [0], 20 bytes
>       0000: a3 11 65 cf 5d c0 50 a7 4b e5 19 e1 76 7b 54 9a '..e.].P.K...v{T.'
>       0010: b7 4f 97 8a '.O..'
>                   }
>                 }
>               }
>             }
>           }
>         }
>  287:   SEQUENCE {
>  289:     OBJECT IDENTIFIER ecdsa-with-Sha512 (1.2.840.10045.4.3.4)
>         }
>  299:   BIT STRING, encapsulates {
>  303:     SEQUENCE {
>  306:       INTEGER
>               01 b7 80 e4 b5 5c 68 90 81 39 15 03 f4 c1 da 08
>               df 9f 33 db 7b a4 e9 e3 f1 3b 5a ad 99 c3 07 9c
>               34 b4 09 a8 4a 7c 67 73 dc c2 51 e5 9e 6c 58 de
>               3e 54 45 47 e0 5d 42 b9 16 26 d5 86 c5 f4 86 3e
>               61 f2
>  374:       INTEGER
>               01 ba d7 5c a2 fa b8 39 6f 14 09 7c ff 55 45 88
>               9e 9d 9d 4d f3 44 cd de c8 de 92 75 f1 13 fb 54
>               43 92 5e 90 79 97 66 b9 bf ac 8e 88 b5 19 82 ad
>               d2 f1 04 e6 4c 94 d1 06 9d 64 8d 50 02 4a fe 48
>               72 7b
>           }
>         }
>       }
>
> Anders
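As an added example (not code from Anders, Mike or OpenSSL), the following parses the SubjectPublicKeyInfo and keyUsage bytes reconstructed from the dump above and checks the RFC 8410 section 5 rule for X25519 keys: keyUsage must contain keyAgreement and may add only encipherOnly or decipherOnly. The DER samples are constructed from the dump's offsets 148-192 and 219-222; the helper names are assumptions of this example.

```python
# Added example, not from the pkix thread: standard-library-only check that an
# X25519 SubjectPublicKeyInfo is paired with a keyUsage permitted by RFC 8410
# section 5 (keyAgreement required; only encipherOnly/decipherOnly may be added).
# DER samples constructed from offsets 148-192 and 219-222 of the quoted dump.
SPKI_DER = bytes.fromhex(
    "302a300506032b656e032100"   # SEQUENCE, AlgorithmIdentifier{id-X25519}, BIT STRING head
    "e99a0cef205894960d9b1c05978513dccb42a13bfbced523a51b8a117ad5f00c")
KEY_USAGE_DER = bytes.fromhex("03020308")      # BIT STRING, 5 bits (unused=3) '00001'B
X25519_OID_DER = bytes.fromhex("2b656e")       # content octets of 1.3.101.110 (id-X25519)
KEY_USAGE_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                  "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
                  "encipherOnly", "decipherOnly"]
X25519_ALLOWED = {"keyAgreement", "encipherOnly", "decipherOnly"}

def der_tlv(buf, pos=0):
    """Decode one DER TLV at pos -> (tag, content bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def spki_algorithm_oid(spki_der):
    """Content octets of the algorithm OID in a SubjectPublicKeyInfo."""
    _, spki, _ = der_tlv(spki_der)               # outer SEQUENCE
    _, algid, _ = der_tlv(spki)                  # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = der_tlv(algid)                 # its first element must be an OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return oid

def decode_key_usage(der):
    """Names of the bits set in a DER KeyUsage BIT STRING, honouring unused bits."""
    tag, content, _ = der_tlv(der)
    if tag != 0x03:
        raise ValueError("keyUsage value is not a BIT STRING")
    unused, body = content[0], content[1:]
    nbits = min(len(body) * 8 - unused, len(KEY_USAGE_BITS))
    return [KEY_USAGE_BITS[i] for i in range(nbits) if body[i // 8] & (0x80 >> (i % 8))]

def key_usage_ok_for_x25519(spki_der, key_usage_der):
    """True when the key is X25519 and keyUsage carries only the permitted bits."""
    if spki_algorithm_oid(spki_der) != X25519_OID_DER:
        return False
    usage = set(decode_key_usage(key_usage_der))
    return "keyAgreement" in usage and usage <= X25519_ALLOWED
```

The quoted certificate passes: its keyUsage decodes to keyAgreement alone, which is the only usage an X25519 key can exercise.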