Re: [saag] presentation format for hash of public key
Adrian Hope-Bailie <adrian@hopebailie.com> Tue, 25 October 2016 20:56 UTC
Return-Path: <adrian@hopebailie.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3310128E18 for <saag@ietfa.amsl.com>; Tue, 25 Oct 2016 13:56:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hopebailie.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xeq_GKlxB7U9 for <saag@ietfa.amsl.com>; Tue, 25 Oct 2016 13:56:48 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84A31129B4F for <saag@ietf.org>; Tue, 25 Oct 2016 13:56:44 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id m72so117919422oik.3 for <saag@ietf.org>; Tue, 25 Oct 2016 13:56:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopebailie.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=iN5QSMrO1C3XH/x40Nerb87jilpd4oz9N9cdgI6tU2c=; b=lR6B8vp6wmwCUpBD+gyP0MQLYujMvk5SRF6kSWjtdm8da+y8adQ24ryzemtc3zoFFy nTSQsEVz6mXK8wlbo8K2hztDFCRG3xzijPlKQFtTom5+VW9bgJUGKE8bSqn7wdOLZI8Y zhSJjIihG6B3OP2kIL363+17cfXlM5Y+lQ7+A=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=iN5QSMrO1C3XH/x40Nerb87jilpd4oz9N9cdgI6tU2c=; b=CXOwqlQoEptsj3q14+DB1w/zwYfqjkxAYfZZVCDv/d+quVwdF3sJTSUdR9j9EFYjtH W1UnM2/LicWUznBYpH34FXOClUFUAo3xAGEenfLd9CUq9k0P+HZZoEDkUa7OQjvsv+UN TSMbg6tg8Yw1zKreja55y9y3ItFuHjmZQ7rsdpHlOyxcmf9I8MogbHlRWHWnbYfmVwsR yWgcq8S9yKKq9f6/HAX/SYjfprnL28tHkCNRFdgQCvFyv6scXfhU1Ko/g7CE1S5D0NyJ XnB8JFma+t3QeWalHF0tMtCmQBCfyu/vOfGNcuHuNUdNuKhIE4vh3Ts4tlNfGwcRZoG3 FwEg==
X-Gm-Message-State: AA6/9RlSVGCpyG6/swvM48Hb7WgX/4BfeMB3IEl1ETVPujm4Xom8MSfTorq7YCAE0+pRzbRI69Sr8p+Y+pezkA==
X-Received: by 10.202.237.145 with SMTP id l139mr26439907oih.81.1477429003832; Tue, 25 Oct 2016 13:56:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.219.194 with HTTP; Tue, 25 Oct 2016 13:56:43 -0700 (PDT)
In-Reply-To: <3918.1477417611@obiwan.sandelman.ca>
References: <13018.1477342431@obiwan.sandelman.ca> <f738e80c52a843f4b9facba3f80b183d@usma1ex-dag1mb1.msg.corp.akamai.com> <D433CBB1.A403D%paul@marvell.com> <3918.1477417611@obiwan.sandelman.ca>
From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Tue, 25 Oct 2016 22:56:43 +0200
Message-ID: <CA+eFz_L+_YMDYR9sd9SRVbUW7NvmEn0aBiXDSe4XwQ1KJbPVuw@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Content-Type: multipart/alternative; boundary="001a113d3034f466cb053fb6be15"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/CCfR7J_dWP37Z9xNo_PVIvC9A_g>
Cc: saag <saag@ietf.org>
Subject: Re: [saag] presentation format for hash of public key
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2016 20:56:57 -0000
The crypto-conditions specification defines a format for what is effectively a public key fingerprint. It's what we call the the "condition". It has 4 parts. A type (which determines how the fingerprint is generated) a bitmask of features that would be required to validate the "fulfillment" (signature) and a max fulfillment size (which indicates the max size of the signature to allow a system to check (based just on the condition) if it will be capable of validating the fulfillment later. Latest draft is at: https://datatracker.ietf.org/doc/draft-thomas-crypto-conditions/ I'm presenting the ID in Seoul if anyone is interested and will be pushing a revised ID in the next few days to hopefully make it much easier to grok the goals and usage. This might not be what you're looking for exactly but I guess that depends on the NEED for the public key fingerprint On 25 October 2016 at 19:46, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > I'm getting that perhaps we have no specification here. > Would one be useful? > > Paul Lambert <paul@marvell.com> wrote: > > In other forums I¹ve been using a hash of the public key > > and the associated cipher suite identifier (csi): > > > uaid = h( csi , public_key ) > > > The hash used depends on the cipher suite identifier. > > Can you give me examples of this case? > Who defines "csi" here? > > I'd ideally like something that works across uses (IPsec, S/MIME, TLS, > etc.) > not because I think reusing keys is a great thing, but because sometimes > users put the wrong cert into the wrong place... > > > > The display representation is optimized for readability > > and recommends a base27 encoding. For example: > > > Q4RM-K4FZ-T432-RZ4Q-ZA88-YQ94 > > > The base27 encode/decode string is: > > b27string = 'ABCDEFGHJKMNPQRTWXYZ2346789' > > > > This string is selected to remove visually the > > ambiguous characters: > > 0O 1Iil 5S UV > > > The separator characters (Œ-Œ) are optional, but recommended. > > > The encoding allows input in lower or upper case, but the > > displayed representation should always be upper case for readability. > > > Paul > > > PS - example/reference code for base27 in: > > https://github.com/nymble/cryptopy/blob/master/cipher/encoding.py > > > > > > -----Original Message----- > > From: saag <saag-bounces@ietf.org> on behalf of "Salz, Rich" > > <rsalz@akamai.com> > > Date: Monday, October 24, 2016 at 1:56 PM > > To: Michael Richardson <mcr+ietf@sandelman.ca>, saag <saag@ietf.org> > > Subject: Re: [saag] presentation format for hash of public key > > >> For what it's worth, OpenSSL does octet pairs separated by colon. > >> ; openssl x509 -fingerprint -in apps/server.pem > >> SHA1 > >> Fingerprint=E8:4A:8E:20:76:4E:EF:0E:ED:BE:54:9F:91:8C:A4:F6: > A2:B3:D1:04 > >> -----BEGIN CERTIFICATE----- > >> MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV > >> ... > >> JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA== > >> -----END CERTIFICATE----- > >> > >> _______________________________________________ > >> saag mailing list > >> saag@ietf.org > >> https://www.ietf.org/mailman/listinfo/saag > > > -- > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works > -= IPv6 IoT consulting =- > > > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > >
- [saag] presentation format for hash of public key Michael Richardson
- Re: [saag] presentation format for hash of public… Salz, Rich
- Re: [saag] presentation format for hash of public… Paul Lambert
- Re: [saag] presentation format for hash of public… Michael Richardson
- Re: [saag] presentation format for hash of public… Adrian Hope-Bailie
- Re: [saag] presentation format for hash of public… Mohit Sethi