Re: [saag] ASN.1 vs. DER Encoding
Viktor Dukhovni <ietf-dane@dukhovni.org> Tue, 23 April 2019 18:25 UTC
Date: Tue, 23 Apr 2019 14:25:30 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: saag@ietf.org
Message-ID: <20190423182530.GD87116@straasha.imrryr.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dqeF-hXOqotE-VZwNrxIC0W5VFg>

On Tue, Apr 23, 2019 at 10:19:31AM -0500, Nico Williams wrote:

> On Tue, Apr 23, 2019 at 11:08:23AM -0400, Michael Richardson wrote:
> > >> X.500 one are used in certificates. I strongly encourage people to
> > >> keep it simple. The bits on the wire still get too complicated, but
> > >> the code can mostly do exact match processing.
> >
> > > To keep it simple means to leave the subjectName empty and use dNSName
> > > and rfc822Name SANs instead wherever possible.
> >
> > Yes, but we can't leave the IssuerDN empty, and if we want chains of
> > certificates (we do), then we need to put something into the subjectDN.
>
> Well, there is id-ce-issuerAltName, but indeed, the issuer Name must not
> be empty.

Of course the chaining need not in principle have been based on a
fictional global X.509 directory tree. It could have been just key
ids, with the CA names as commentary for human eyes and audit trails.

The only downside would then be loss of the ability to bypass path
length constraints via self-issued certificates. Not clear we'd
really miss that. But this is of course entirely hypothetical...

FWIW, despite clear non-compliance with RFC 5280 and potential
interoperability risk, some users seem to manage with "self-signed"
(below skid == akid) certificates that have empty DNs for *both* the
subject and the issuer (and indeed no SANs of any kind). These are
of course outside the WebPKI, used solely for unauthenticated or
DANE TLS.

A live example below, yes, in continuous use for the last 5 years
or so. [ The 4096-bit RSA key and ~1000 year validity is a bold
challenge to the coming scalable QC crypto apocalypse. :-) ]

-- 
	Viktor.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: c3:26:2b:13:ca:b1:36:72
        Signature Algorithm: sha256WithRSAEncryption
        Issuer:
        Validity
            Not Before: Jul 27 14:59:59 2014 GMT
            Not After : Nov 27 14:59:59 3013 GMT
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:C6:9B:D5:20:5C:1D:A8:31:39:BD:78:11:37:FF:BD:AD:5B:BD:59
            X509v3 Authority Key Identifier:
                keyid:98:C6:9B:D5:20:5C:1D:A8:31:39:BD:78:11:37:FF:BD:AD:5B:BD:59
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
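
The two properties the message singles out (empty issuer and subject Names, and skid == akid) can be read straight from the DER. The following is an added example, not part of the original message: a stdlib-only Python walk over a constructed certificate-shaped structure with a placeholder key and signature. The function names (`tlv`, `children`, `inspect_cert`, `sample_cert`) are hypothetical, and only single-byte tags and definite lengths are handled.

```python
SKI_OID = bytes.fromhex("551d0e")  # 2.5.29.14 subjectKeyIdentifier
AKI_OID = bytes.fromhex("551d23")  # 2.5.29.35 authorityKeyIdentifier

def tlv(tag, body=b""):
    """Encode one DER TLV with a definite length (short or long form)."""
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def children(buf):
    """Split DER contents into (tag, body) pairs; reject truncated or trailing data."""
    out, i = [], 0
    while i + 2 <= len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        out.append((tag, buf[i:i + n]))
        i += n
    if i != len(buf):
        raise ValueError("truncated or trailing DER data")
    return out

def inspect_cert(cert_der):
    """Report empty Names and whether the certificate's skid equals its akid."""
    tbs = children(children(children(cert_der)[0][1])[0][1])
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip the explicit [0] version
    issuer, subject = tbs[2][1], tbs[4][1]  # serial, sigAlg, issuer, validity, subject
    skid = akid = None
    ext_wrap = dict(tbs[6:]).get(0xA3)  # optional [3] EXPLICIT Extensions
    for _, ext in (children(children(ext_wrap)[0][1]) if ext_wrap else []):
        parts = children(ext)
        oid, value = parts[0][1], parts[-1][1]  # extnID, contents of extnValue
        if oid == SKI_OID:
            skid = children(value)[0][1]
        elif oid == AKI_OID:  # keyIdentifier is context tag [0]
            akid = dict(children(children(value)[0][1])).get(0x80)
    return {"empty_issuer": issuer == b"", "empty_subject": subject == b"",
            "skid_equals_akid": skid is not None and skid == akid}

def sample_cert(skid, akid):
    """Constructed certificate-shaped DER: empty Names, placeholder key and signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))
    ext = lambda oid, inner: tlv(0x30, tlv(0x06, oid) + tlv(0x04, inner))
    exts = ext(SKI_OID, tlv(0x04, skid)) + ext(AKI_OID, tlv(0x30, tlv(0x80, akid)))
    empty_name, dummy_bits = tlv(0x30), tlv(0x03, bytes(9))
    validity = tlv(0x30, tlv(0x17, b"140727145959Z") + tlv(0x18, b"30131127145959Z"))
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + empty_name
           + validity + empty_name + tlv(0x30, alg + dummy_bits) + tlv(0xA3, tlv(0x30, exts)))
    return tlv(0x30, tlv(0x30, tbs) + alg + dummy_bits)
```

An empty Name is a zero-length SEQUENCE (`30 00`), so a byte comparison against the empty string is enough; no signature is verified here, so a key-identifier match says nothing about who actually signed the certificate.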