Re: [saag] encrypted files with UTF-8/16 passwords
Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> Mon, 03 April 2017 09:22 UTC
Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EAD612960B for <saag@ietfa.amsl.com>; Mon, 3 Apr 2017 02:22:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1rCOLxq0sILM for <saag@ietfa.amsl.com>; Mon, 3 Apr 2017 02:22:36 -0700 (PDT)
Received: from mail-qt0-x230.google.com (mail-qt0-x230.google.com [IPv6:2607:f8b0:400d:c0d::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08C3D129590 for <saag@ietf.org>; Mon, 3 Apr 2017 02:22:36 -0700 (PDT)
Received: by mail-qt0-x230.google.com with SMTP id n21so106780490qta.1 for <saag@ietf.org>; Mon, 03 Apr 2017 02:22:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=1MrBRrC9Mpzhkt93LeZ8ICnsrSkUCwGbzqC0lN9e134=; b=qmd0pe8ALd3I0+Lh3ihpNF2fGK28XoJ6xlFzfjb3HmY8pl4XzrFPaUCOS+0N+Ihwue PU5KyKgkVFDUywuTu8+KD0IXVwOMEzD+NjcLisMDNuAje2CI8i3/RoJ8e27dakqTMOlO VbYZIKtmz7TQWsoJl2SOhJ7iR+GZx0Y9Q7XM00Zm5qcPf5Vj+eD9N9dW/P2Hb1+8x2/U yxTUfuD28AubmVY3XEaJdoPFLTLFBuRW3kbioTyBm6osa83YHQW+OqiAixwCC7zjQTsW JgtzmAOxtw2/CqynL9Dw8VwdmZA6rth5UVSYIQwtzaXMU2tLCcY+4VxehbL5OIEssSct Oakw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=1MrBRrC9Mpzhkt93LeZ8ICnsrSkUCwGbzqC0lN9e134=; b=iWM9oayXVbKic4iCDlR8siXgqeLNVQvlAMcGbK/2jQ1NKXd0u3cX/ingF+DpN3X1b/ q6gnOTPd+H3wvhXALssB1Tm3keoLAYTCDcsGQ5P8taaiwFhZBT83sRPZPvVan40xosMA WbVucuaUC6+Bn9VHMOzLeC+fxyBgbmv0edLuwDnUWU/RDEKg0pJqAxoLH9rMRK4PEMUP mImlvkZQSNPDP+M50MYI2z4SXq0tBTQlKWmfLxgTT0Av7Sf2FTEeFHADewdY/U1DhzT7 FE6CSedJ/UDhd0bqy9OTtZC+LYL7ttmm/j80k43QWjwdfFZHclelx5GrURzq40cTFj7P O7gA==
X-Gm-Message-State: AFeK/H2vTBGOCRDBkYO4zzfQe94w56dxxqlWYWs3XGVMz1CkCvz05odhhwlUqQg8TMhqo1CRN0VsUHJ+mQ2OGA==
X-Received: by 10.237.36.53 with SMTP id r50mr16643287qtc.46.1491211355074; Mon, 03 Apr 2017 02:22:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.12.175.216 with HTTP; Mon, 3 Apr 2017 02:21:54 -0700 (PDT)
In-Reply-To: <EC15E156-FE69-4BAC-A127-38D7CB516F55@emc.com>
References: <CAJU7zaKRo0JkhDa7VTxd7=G6Vtuf4XiV2Kwq_-DB8KQ7R4yAxw@mail.gmail.com> <EC15E156-FE69-4BAC-A127-38D7CB516F55@emc.com>
From: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Date: Mon, 03 Apr 2017 11:21:54 +0200
Message-ID: <CAJU7za++NYj6AvykAbCDtEniVxnO3CdkhuCwceNpO1505X+X2A@mail.gmail.com>
To: "Moriarty, Kathleen" <Kathleen.Moriarty@dell.com>
Cc: IETF SAAG <saag@ietf.org>, "mnystrom@microsoft.com" <mnystrom@microsoft.com>, "bkaliski@verisign.com" <bkaliski@verisign.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/STcizjP7tVYQANm-_HwWNQr7DXw>
Subject: Re: [saag] encrypted files with UTF-8/16 passwords
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Apr 2017 09:22:38 -0000
I have put an initial draft suggesting the utilization of RFC7613 for UTF-8 password normalization. I'd appreciate comments on the approach and on the usage of RFC7613 in general. https://gitlab.com/nmav/ietf-pkcs5 PS. I've started a discussion on the suitability of RFC7613 for passwords at the precis list: https://mailarchive.ietf.org/arch/msg/precis/WRFASSjZzb2ddqZJc5bkOlslOLE On Fri, Mar 24, 2017 at 3:53 PM, Moriarty, Kathleen <Kathleen.Moriarty@dell.com> wrote: > Hi Nikos, > > They are just informational because they were contributed as existing standards. Change control has been handed over to the IETF, so an update could happen to make them standards track. Or you could start an updated draft to add what you need and we'll figure out if it has to stay informational or not. > > Thanks, > Kathleen > > Sent from my iPhone > >> On Mar 24, 2017, at 4:08 AM, Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> wrote: >> >> Hi, >> PKCS#8 (rfc8018) and PKCS#12 (rfc7292) can be used to encrypt keys >> and certificates with a password. In the first case, PKCS#8 utilizes >> PKCS#5 for converting a password to an encryption key, and PKCS#5 >> requires a password to be in UTF-8. For PKCS#12, a password is input >> in UTF-16 format (mentioned as BMPString in the document) in some >> preset schemes, but uses UTF-8 for newer schemes like AES via PKCS#5. >> >> However, UTF-8 (and UTF-16) are ambiguous. The same string may have >> multiple representations, and for that, there are some guidelines in >> RFC7613 to prepare a unicode string for a password, but they do not >> update either of these documents. >> >> Given that these are informational RFCs, which would be the proper >> method to propose an update on them based on these lines and requiring >> RFC7613 processing for passwords entered in UTF-8? >> >> regards, >> Nikos
- [saag] encrypted files with UTF-8/16 passwords Nikos Mavrogiannopoulos
- Re: [saag] encrypted files with UTF-8/16 passwords Moriarty, Kathleen
- Re: [saag] encrypted files with UTF-8/16 passwords Nikos Mavrogiannopoulos
- Re: [saag] encrypted files with UTF-8/16 passwords 大岩寛
- Re: [saag] encrypted files with UTF-8/16 passwords David Woodhouse
- Re: [saag] encrypted files with UTF-8/16 passwords Nikos Mavrogiannopoulos
- Re: [saag] encrypted files with UTF-8/16 passwords Nikos Mavrogiannopoulos
- Re: [saag] encrypted files with UTF-8/16 passwords David Woodhouse
- Re: [saag] encrypted files with UTF-8/16 passwords Nikos Mavrogiannopoulos
- Re: [saag] encrypted files with UTF-8/16 passwords David Woodhouse
- Re: [saag] encrypted files with UTF-8/16 passwords Nikos Mavrogiannopoulos
- Re: [saag] encrypted files with UTF-8/16 passwords Russ Housley
- Re: [saag] encrypted files with UTF-8/16 passwords Nikos Mavrogiannopoulos