Re: [pkix] In-the-wild implementations of RFC6955?
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 07 June 2022 20:29 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A760DC15AACD for <pkix@ietfa.amsl.com>; Tue, 7 Jun 2022 13:29:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bvJAcwEiODCl for <pkix@ietfa.amsl.com>; Tue, 7 Jun 2022 13:29:41 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [103.96.21.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13213C159493 for <pkix@ietf.org>; Tue, 7 Jun 2022 13:29:39 -0700 (PDT)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01lp2171.outbound.protection.outlook.com [104.47.71.171]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id au-mta-61-HqYcGdUDP7-L4oM1eFnBpw-1; Wed, 08 Jun 2022 06:29:34 +1000
X-MC-Unique: HqYcGdUDP7-L4oM1eFnBpw-1
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com (2603:10c6:10:10b::10) by SYCPR01MB3567.ausprd01.prod.outlook.com (2603:10c6:10:35::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.11; Tue, 7 Jun 2022 20:29:33 +0000
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::64d6:2532:7a7e:561d]) by SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::64d6:2532:7a7e:561d%5]) with mapi id 15.20.5332.012; Tue, 7 Jun 2022 20:29:33 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Michael StJohns <msj@nthpermutation.com>, IETF PKIX <pkix@ietf.org>
Thread-Topic: [pkix] In-the-wild implementations of RFC6955?
Thread-Index: AQHYbu/3lkyoRajAE0e0OKl6csbI5a0tjczcgACsUACAAyqbZ4AACuiAgBMM2A8=
Date: Tue, 07 Jun 2022 20:29:33 +0000
Message-ID: <SY4PR01MB625124A6BB36505333EF8B32EEA59@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <61955a76-232b-81e0-9fff-afea5cd6790b@nthpermutation.com> <SY4PR01MB6251FD54A917409C51BBCBC2EED79@SY4PR01MB6251.ausprd01.prod.outlook.com> <ef9d463f-5abf-b8d8-16fa-3db7980a767e@nthpermutation.com> <SY4PR01MB6251F64ACF9D954D0D6B5CDFEED99@SY4PR01MB6251.ausprd01.prod.outlook.com> <a1d0b3c7-8721-49ac-55ac-332f6653d223@nthpermutation.com>
In-Reply-To: <a1d0b3c7-8721-49ac-55ac-332f6653d223@nthpermutation.com>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ec5b1627-a060-4a74-ee32-08da48c46e94
x-ms-traffictypediagnostic: SYCPR01MB3567:EE_
x-microsoft-antispam-prvs: <SYCPR01MB356780E3AB21FE2C7D50901EEEA59@SYCPR01MB3567.ausprd01.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: nPOBiFopxtQ+gYqbclPDb0nevr4SrCg8lnYUoi28HZzW5rYPzR0nv5tOUunnT+j+7plPn6YRvOb4ak71kQMQpBT+HQ0SIsWV1PXLOq94F/v/CgB1fNS5a0mgePAm4jJ/DVDyD8PssnFssPWu6NNwMrRn7LAMGj7odZTcAD6BOEezBNoDjstgPvIaBIP1aquiuGxgba60EoUXN6IbmXIajFfrWo3p7y9WhrNIDP7C4Vx2wl505tr0zvMvtcvZklBTTXsPXYzwFq+6IBLhITZ7xSWflo/w1XUSMAqCjS5Nq1xERI54yV3/YrL1Hqod6OMW+saqQfdOo2lfhieHMU+mb+k6UzqbOST3+nQJMPkjS5ww5aA1eV91t3obUqkBrWoGiR3zgeiZVlVslmQ63l8rw6o3XxoF5PT/giAF4uWV9UZeqWUfK6z9ASh8F2tTl+VkeOaa40EsqBdpcn3A3o5W4UgQcpWWdAik7sW2tZqvA7cQ5er7qqe+cKG3hiowT6br0HZcgEC8EbLCiATiluse3/jVDrS/pGrLS4Az9LprHqpNR9ufo17+D9EX/YvqK8h2MnSY8X7hYrBViC+TGiG97MlwTdAg/4p6OoXflXLtQwAPf3DVTcUg4ALkjNZs91+KmiQoSpWAjSXV8gIPT2k5uwuxeKUEdG83LPEVXV4v0DGm6i5i2QyKLmVbPHtBEsse2sO3uN5pxSiLXana5lHGFQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4PR01MB6251.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(9686003)(6506007)(26005)(5660300002)(508600001)(4744005)(52536014)(38070700005)(71200400001)(122000001)(7696005)(186003)(66556008)(66476007)(66946007)(76116006)(8676002)(91956017)(110136005)(66446008)(8936002)(64756008)(38100700002)(786003)(316002)(33656002)(55016003)(2906002)(86362001); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: EHApvsbmyLBrMKsX5NCbmyMLoN87Nn89QaTjBQXJtu9GNU6IUAQrDlqXwhmQG3yA3zznDeqjncKktusLqXHCFBDtGZvsu1M+7ZvjTtwVFz2b/iUiSw0TeL3kskBTjPQyYnWwbQQkMNcK161sSyhge8ue7THKem9SakC4z2T/AomsoK8zkG677bCcfxo5KpjR5jmHu6KxatsDX8GbH9wuamRAIBvDWGaoxxZtefWrKrzjdXl2vMp7wA/oOjsgfzN/DFn/BV3PLtLhXYVJjvBiw7LqYNeWfeW7i0qq9IbHcz58joGymsTU2bx5hG85qJH/PixhOpi1IXrBNF3F8OQVD/aB3YSoORGygN0lQ43/C00pij7o1+/900nXhyI+vmSkfUlnRNDwzn5tlktMif9Y8Syk18/fnfrLcJEMNVXxegvv64rf+In/1D8rXR6+1jc5M6AakJiavXV+qPTpVfGEBvyKo9pQ2IIU962S/3SUspZxNtYWbK+cxlNUijjgpHUTD9s2Lvb/GIJ08kD93MKJ5pTho3etozTPx582iAPz6tQ0382i9BUdt6pT1RZ/mOPqDqgBZwsVFwPBbhjUE7WxIiIWt4GKjEoTtNPV5qw+irfvf3wULIqA3/B0s3C/wG+krJ++8f4f/goX6lgpJiwasbnF2cM7bblY96DNr/bTbo/mMVlTTqxeEk0/KeHLJwkAT1Z9l4wqzTNcuqe1xL4fgf5sipwOOZQ9HSv6/5g0q9MNMvkrMR/hTgemKTNl/aQU15+FaQ5mw8vbDjNdf8bwy+wJCkICvaw6BLFA0Oah51CnJhh+ITF5HyuF8vc2CWbuPbhytorfDEKHQXKLMq8Vf+aY/2agoun1NRyrfG5mDOYAyXbisZ6Tv8fYH9lK8vG0aYvWBvq3LSdnb+MW72sy2bs2/AA4+gYLxxPxtwBYSYz22rYg6MgV2argpkMyQjuVz0Ecykfpowz8qEzLa5EiEvNyzcDG74mROgiWSjV06xZCb13Z105gjxgpD/kBn/CrpUw98en3936oe2Sgxnz4BxmbkN+49KAAOYLd9ZRLA+HJ/l3hOL6arhxaLbZroE1SWvjwoAgKgA3HQ2atVvlX0bF3cAo3xHP82V5ahgCJQsBbc1NH3KfOxKkpVwKXSA6Ri9u36vO0qMWerdt7zu1qq3bTGW8aANvL1AJBPMe4XOox45t1riP3qaF4IEEMnAHondPwChnq927ae4gqmGCMvzy3hpo9l7tUaEveaJjAD/HrKxrVwW78H7QpB/VGt4ux2zoh8U3aFitSosQqFxuKJnUkGM7h7tMajlX9gRwzKzJ2hCYcANm02mTeBJYMGzOaRyRqMzgT6jq86Dc8UJTP0V2x/5xV2NC0uf0HKm6eZF1uxaZ+/dgd/RgHU3iA29j+aucM4cd5L7y+1vJFHt+GHk+EtyGM5wtJTklT1+q3IbPXJLu4LRS4/fUpk6oOSHglNamAhJef2kPg0uhPTmMqSldbaaMX5uSy25Fn6t7cwvAD7KaMVOGfDX+PUF1YnAMJjnK1sGvYshOP7T2Mf3WgONNUsZA/h0UkIbEbMOOuC/VdXb2pBgJAUl1CwuaTl5dsSGeUwhH241qK8IB2juskRsYUYDKqIV5aZ2zNAEPXCvGZ8cBKSO1/J4dgiCgcArL6b9LKpxKX4bJu0+qUA28WzenKPGM/jC+oOn5JPi5Iwn8GXsXEt1OLSo+8/PP4PxyP8ezRC3WOAB73a1ApBeXsAb3+ozHt/WF0XNdGmzNf2eM=
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4PR01MB6251.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ec5b1627-a060-4a74-ee32-08da48c46e94
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jun 2022 20:29:33.1921 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IXGKea+VdvpNDxjCXLrt69RrqrT5z+xazQXMssOBIa61eajnEKLl8U8E+5fQcU7/sGb3WrabiSU53tR/+f38q9eJcJgVMgz3DjVFVUSzbHA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYCPR01MB3567
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CAU17A13 smtp.mailfrom=pgut001@cs.auckland.ac.nz
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/lkoSDKfWJuQk05yPx2PSVO7tAqU>
Subject: Re: [pkix] In-the-wild implementations of RFC6955?
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2022 20:29:42 -0000
Michael StJohns <msj@nthpermutation.com> writes: >I always considered that the curve OID constrained the appropriate set of >cryptographic functions. Not for the widely-used NIST curves, the same curves with the same OID are used for both ECDH and ECDSA. Or at least they would be if anyone use ECDH certificates. >I can create a EC CSR with a keyAgreement only keyUsage and do it without >using the proposed EC key in anything but ECDH. Sure, but then you'd have to find something that implements RFC 6955 to get it signed. And after that, something that does static-ephemeral (EC)DH via certificates once you've got the cert. A strange game. The only winning move is not to play. Peter.
- [pkix] In-the-wild implementations of RFC6955? Michael StJohns
- Re: [pkix] In-the-wild implementations of RFC6955? Peter Gutmann
- Re: [pkix] In-the-wild implementations of RFC6955? Michael StJohns
- Re: [pkix] In-the-wild implementations of RFC6955? Peter Gutmann
- Re: [pkix] In-the-wild implementations of RFC6955? Michael StJohns
- Re: [pkix] In-the-wild implementations of RFC6955? Anders Rundgren
- Re: [pkix] In-the-wild implementations of RFC6955? Michael StJohns
- Re: [pkix] In-the-wild implementations of RFC6955? Anders Rundgren
- Re: [pkix] In-the-wild implementations of RFC6955? Anders Rundgren
- Re: [pkix] In-the-wild implementations of RFC6955? Peter Gutmann