Re: [Privacy-pass] RFC 4055 PSS encoding

Christopher Wood <caw@heapingbits.net> Thu, 27 April 2023 01:13 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: privacy-pass@ietfa.amsl.com
Delivered-To: privacy-pass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EF1EC151B05 for <privacy-pass@ietfa.amsl.com>; Wed, 26 Apr 2023 18:13:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b="mE+lsj8W"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="fJU9vayk"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cn0UxhSSdJxs for <privacy-pass@ietfa.amsl.com>; Wed, 26 Apr 2023 18:13:21 -0700 (PDT)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0EEBC151B03 for <privacy-pass@ietf.org>; Wed, 26 Apr 2023 18:13:21 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 5CC10320090E; Wed, 26 Apr 2023 21:13:20 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Wed, 26 Apr 2023 21:13:20 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to; s=fm3; t=1682557999; x=1682644399; bh=omHE5uCPDh5XTJbBddzJxsR9F FqtyBxW2uQKqVIeFg8=; b=mE+lsj8W77xvqWmKrMvCjb5Ikl2rGhU8bifLYdcKH vT0Tvc9Q8ZKYDp5Af8WbWeuNiBTdpFT/p6KlEzQJQSGi1oRYwWYJH4O8FHMfM5qb m1uPm9bM4j2qq4PBHf9Z63ggkgTSKu7TQCVYwZWWeeVZ3wdQWkeGvyJw3/doZgUY T6BWMLDkfQLgKmBEmXCh1VYNorlBfoaX7hyx8j4DIStTKrgLWUoq5Gn32XAXX8c5 8Lg7BfuZrwQiiV6uQiuKCbpFT5mgGioJwcqrjL5OQ9+fHLxdCqAPRk1MvZ4wkjlX LK3KmOs1uQwzR+v7Caa9Mq2MkucFtgpSkHcmB1F+0vFcg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t= 1682557999; x=1682644399; bh=omHE5uCPDh5XTJbBddzJxsR9FFqtyBxW2uQ KqVIeFg8=; b=fJU9vaykVbULp4Acw3VA5LIR/EchBocP18PKSARkXJmYaMP6YO9 5vEHySi9JSGCPrIC4Lc+5xvcLBcB1wz0ZJEN2e3ZezkjfbnamVyys1UudNyYHfa7 5ekKVavqNQMRJYRdVes62CL5LPRCTJxEiOUqnfkrD2P9qiIH9f0UdYZL1QtsitcX mme8eDVcgKdogbGRVYWHj6bkSj+B9Buub7r8DfT7+n2STe3yUn0w+dLG0cQy3TQ2 1T67F84mlKyB7KeEwGUBq9C4wzDYqxhizicnkHrCS4jTxDhnYMonYKGDxLLPkiS1 CzqfuYRTEDXpgnXEoV0sP2ASs7Vn6q3NjJQ==
X-ME-Sender: <xms:L8xJZPUaPPifvUPgzgb86s3yTDGNZMxTzs1PxSYt7TskH01qwAGHAA> <xme:L8xJZHm0oUl1T6awwvOl_rWhBhVepqHqJfxuHlX-GGMOqHHyNvCA_pfm8YcXLUzaY KzuZbOcp0lqW80wMuE>
X-ME-Received: <xmr:L8xJZLbl6uakd05vnFbp1HJNEOhT6nh4_0ESbvZUMsKvypSnjaUVfb-qtARmQrUnj2yKZRYljp-6ci7A0Kwp7Qt7nJTGPm_iGg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeduhedggeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheptgfghfggufffkfhfvegjvffosehtqhhmtdhhtdejnecuhfhrohhmpeevhhhr ihhsthhophhhvghrucghohhougcuoegtrgifsehhvggrphhinhhgsghithhsrdhnvghtqe enucggtffrrghtthgvrhhnpeevjeeljeethfdvgfeltefhtddvfefhgfeikeefjeefkeef teetgfelueektdelvdenucffohhmrghinhepihgvthhfrdhorhhgnecuvehluhhsthgvrh fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheptggrfieshhgvrghpihhnghgs ihhtshdrnhgvth
X-ME-Proxy: <xmx:L8xJZKW-EDlM7vl5EX1TMq1VMGoxDVcKN631zIMPBr-KbLGVAXpcyA> <xmx:L8xJZJkuyWmt2moPt-KD-7ndAbh6q_f928OvXpz3qD9oDpveh4mcjQ> <xmx:L8xJZHfpeO7mPeiLp2uz-NizjBMy4kbE-dYS6PzOL406pRBclAVOMQ> <xmx:L8xJZIvDjg4t0RFU9KDP-W8nx0knyg2cAi1CzaelbI9fP2odrFdoEw>
Feedback-ID: i2f494406:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 26 Apr 2023 21:13:19 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Christopher Wood <caw@heapingbits.net>
Mime-Version: 1.0 (1.0)
Date: Wed, 26 Apr 2023 18:13:07 -0700
Message-Id: <1826A5F9-4C17-456B-B928-874F1DD909B1@heapingbits.net>
References: <CACsn0cm0Hx45+bPXAke6yVS=gHRKEii--uVNd=_86akKw=p2Ng@mail.gmail.com>
Cc: privacy-pass@ietf.org
In-Reply-To: <CACsn0cm0Hx45+bPXAke6yVS=gHRKEii--uVNd=_86akKw=p2Ng@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
X-Mailer: iPhone Mail (20D67)
Archived-At: <https://mailarchive.ietf.org/arch/msg/privacy-pass/I2ogkjkFOzgRerPgdqodlP1jDqA>
Subject: Re: [Privacy-pass] RFC 4055 PSS encoding
X-BeenThere: privacy-pass@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Privacy Pass Protocol <privacy-pass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/privacy-pass/>
List-Post: <mailto:privacy-pass@ietf.org>
List-Help: <mailto:privacy-pass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/privacy-pass>, <mailto:privacy-pass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Apr 2023 01:13:26 -0000

Hi Watson,

There are some implementations that will not parse DER encoded blobs with the NULL fields explicitly included, which is why the spec is as it is. I think it’s reasonable to be rigid about key ID format, if for no other reason that avoiding the situation where different implementations of the protocol don’t agree on the key ID when computed directly from the public key (as opposed to being computed from the DER encoding). 

Best,
Chris 

> On Apr 26, 2023, at 3:02 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
> 
> Dear privacy pass WG,
> 
> As a result of some events we've discovered that draft-10 of the
> privacy pass protocol is not compatible with RFC 4055's recommendation
> to encode NULLs explicitly when serializing RSA PSS parameters.
> 
> Unfortunately much software including OpenSSL 3.0 and the Go standard
> library include these NULLs when serializing RSA PSS public keys. This
> makes it difficult to use these packages in implementation.
> 
> I think the simplest way to fix this issue is to take the token ID as
> the hash of the DER encoding as presented in the directory, and follow
> RFC 4055 for tolerance.
> 
> Apologies for not spotting this issue during last call.
> Sincerely,
> Watson
> 
> -- 
> Astra mortemque praestare gradatim
> 
> -- 
> Privacy-pass mailing list
> Privacy-pass@ietf.org
> https://www.ietf.org/mailman/listinfo/privacy-pass