Re: [pkix] Signature Verification and DER requirements
"Erik Andersen" <era@x500.eu> Sat, 16 May 2015 07:16 UTC
Return-Path: <era@x500.eu>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFB601B2A7C for <pkix@ietfa.amsl.com>; Sat, 16 May 2015 00:16:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.778
X-Spam-Level: *
X-Spam-Status: No, score=1.778 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_EQ_DK=1.009, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=0.77] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yq_Av9mh8omY for <pkix@ietfa.amsl.com>; Sat, 16 May 2015 00:16:00 -0700 (PDT)
Received: from mail04.dandomain.dk (mail04.dandomain.dk [194.150.112.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AD551ACE7E for <pkix@ietf.org>; Sat, 16 May 2015 00:15:59 -0700 (PDT)
Received: from Morten ([62.44.135.25]) by mail04.dandomain.dk (DanDomain Mailserver) with ASMTP id 4201505160915548713 for <pkix@ietf.org>; Sat, 16 May 2015 09:15:54 +0200
From: Erik Andersen <era@x500.eu>
To: PKIX <pkix@ietf.org>
References: <9A043F3CF02CD34C8E74AC1594475C73AB020EBB@uxcn10-tdc05.UoA.auckland.ac.nz> <000001d08f19$3210caa0$96325fe0$@x500.eu> <CAH8yC8m6V1=PtSua5q5ZWXFY+WnUwdiV_cyoyXyMDeT0iByH_g@mail.gmail.com> <25f0ef53824f44589e5e2b36fa40a8d6@svaexch1.cygnacom.com>
In-Reply-To: <25f0ef53824f44589e5e2b36fa40a8d6@svaexch1.cygnacom.com>
Date: Sat, 16 May 2015 09:15:55 +0200
Message-ID: <000001d08fa8$268d8170$73a88450$@x500.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQJTWJbGz2/yhOHJtiOftGAx2g1knACOJ2FoAoLOhLkB7krzUpxQoWng
Content-Language: en-gb
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/zoaKAEz51Hjwka48IAU7-OHKSmE>
Subject: Re: [pkix] Signature Verification and DER requirements
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 May 2015 07:16:03 -0000
It appears for me that the Japanese comment should be rejected. I will bring that up on our own list, as that is the decision making list for X.509. The Japanese comment implies (as I read it), as you do not whether a received cert is DER or non-DER encoded, you need to decode it and encode it in DER before checking the signature. In a constrained environment this seems an unnecessary burden to put on an RP. Jeff write that you could reject a cert because it is non-DER encoded. How do detect that without analysing the cert in details. If you do minimum processing, you will just discover the signature validation failed. I brought the issue up on this list due to the level of expertise on this list and because a thread was going on this issue. Kind regards, Erik -----Oprindelig meddelelse----- Fra: Santosh Chokhani [mailto:schokhani@cygnacom.com] Sendt: 15 May 2015 22:45 Til: noloader@gmail.com; Erik Andersen Cc: IETF PKIX Emne: RE: [pkix] Signature Verification and DER requirements +1 -----Original Message----- From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Jeffrey Walton Sent: Friday, May 15, 2015 3:40 PM To: Erik Andersen Cc: IETF PKIX Subject: Re: [pkix] Signature Verification and DER requirements On Fri, May 15, 2015 at 10:12 AM, Erik Andersen <era@x500.eu> wrote: > As Peter states. It is confusing, and I am not sure how to get it right. > > ... > I am interested in comments. > Maybe the easiest course is to side-step the issue altogether. The issue here is verification, so focus on it. Leave things the way they are related to encoding the certificate and signing the certificate (or more correctly, tbsCertificate). Then be explicit about how to verify it. That is, explicitly state bits should be verified as they are received; and they should not be rearranged to comply with anything because that will usually (always?) invalidate the signature. Allowing the bits to be rearranged during verification just seems wrong. It effectively creates a potential for a DoS when there's no need for one to exist. The security goals were met earlier, when the identity was bound to the public key. I also think you should give an implementation a choice during verification: they can choose to reject a non-DER encoded certificate because that's how things are written. But they should reject for the proper reason: reject because its no-DER encoded; and not becuase they re-arranged bits that caused a signature failure. Allowing a receiver to rearrange bits and then claim the signature verification failed is just plain wrong. They may as well have performed 'certificate[0] XOR 0x01' and claimed the certificate was tampered. There's no difference. Jeff _______________________________________________ pkix mailing list pkix@ietf.org https://www.ietf.org/mailman/listinfo/pkix
- [pkix] Signature Verification and DER requirements Jeffrey Walton
- Re: [pkix] Signature Verification and DER require… Martin Rex
- Re: [pkix] Signature Verification and DER require… Erwann Abalea
- Re: [pkix] Signature Verification and DER require… Jeffrey Walton
- Re: [pkix] Signature Verification and DER require… Anders Rundgren
- Re: [pkix] Signature Verification and DER require… Bruce Stephens
- Re: [pkix] Signature Verification and DER require… Peter Gutmann
- Re: [pkix] Signature Verification and DER require… Stephen Farrell
- Re: [pkix] Signature Verification and DER require… Erik Andersen
- Re: [pkix] Signature Verification and DER require… Martin Rex
- Re: [pkix] Signature Verification and DER require… Jeffrey Walton
- Re: [pkix] Signature Verification and DER require… Santosh Chokhani
- Re: [pkix] Signature Verification and DER require… Erik Andersen
- Re: [pkix] Signature Verification and DER require… Jeffrey Walton