Re: [saag] presentation format for hash of public key

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 25 October 2016 17:46 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Paul Lambert <paul@marvell.com>
Date: Tue, 25 Oct 2016 13:46:51 -0400
Message-ID: <3918.1477417611@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/g5E-TlZKlEG5gfkPSqis3LuR6v8>
Cc: saag <saag@ietf.org>
Subject: Re: [saag] presentation format for hash of public key

I'm getting that perhaps we have no specification here.
Would one be useful?

Paul Lambert <paul@marvell.com> wrote:
    > In other forums I've been using a hash of the public key
    > and the associated cipher suite identifier (csi):

    > uaid = h( csi , public_key )

    > The hash used depends on the cipher suite identifier.

Can you give me examples of this case?
Who defines "csi" here?

I'd ideally like something that works across uses (IPsec, S/MIME, TLS, etc.)
not because I think reusing keys is a great thing, but because sometimes
users put the wrong cert into the wrong place...


    > The display representation is optimized for readability
    > and recommends a base27 encoding. For example:

    > Q4RM-K4FZ-T432-RZ4Q-ZA88-YQ94

    > The base27 encode/decode string is:
    > b27string = 'ABCDEFGHJKMNPQRTWXYZ2346789'


    > This string is selected to remove the visually
    > ambiguous characters:
    > 0O 1Iil 5S UV

    > The separator characters ('-') are optional, but recommended.

    > The encoding allows input in lower or upper case, but the
    > displayed representation should always be upper case for readability.

    > Paul

    > PS - example/reference code for base27 in:
    > https://github.com/nymble/cryptopy/blob/master/cipher/encoding.py




    > -----Original Message-----
    > From: saag <saag-bounces@ietf.org> on behalf of "Salz, Rich"
    > <rsalz@akamai.com>
    > Date: Monday, October 24, 2016 at 1:56 PM
    > To: Michael Richardson <mcr+ietf@sandelman.ca>, saag <saag@ietf.org>
    > Subject: Re: [saag] presentation format for hash of public key

    >> For what it's worth, OpenSSL does octet pairs separated by colon.
    >> ; openssl x509  -fingerprint -in apps/server.pem
    >> SHA1 Fingerprint=E8:4A:8E:20:76:4E:EF:0E:ED:BE:54:9F:91:8C:A4:F6:A2:B3:D1:04
    >> -----BEGIN CERTIFICATE-----
    >> MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
    >> ...
    >> JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
    >> -----END CERTIFICATE-----


--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
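
The base27 display format quoted in this message, as an added example that is not part of the thread and not the cryptopy reference code. The alphabet is the one quoted above; the byte-to-digit mapping (big-endian integer, fixed width), the 2-byte `csi` prefix, SHA-256, the 14-byte truncation and the sample key are assumptions, so the output is not expected to match the sample string in the thread.

```python
import hashlib

B27 = 'ABCDEFGHJKMNPQRTWXYZ2346789'   # alphabet quoted in the thread
INDEX = {c: i for i, c in enumerate(B27)}

def digits_for(nbytes: int) -> int:
    """Smallest digit count k such that 27**k >= 256**nbytes."""
    k = 0
    while 27 ** k < 256 ** nbytes:
        k += 1
    return k

def b27encode(data: bytes, group: int = 4) -> str:
    """Upper-case base27 with '-' every `group` characters."""
    n = int.from_bytes(data, 'big')
    digits = []
    for _ in range(digits_for(len(data))):   # fixed width keeps leading zero bytes
        n, r = divmod(n, 27)
        digits.append(B27[r])
    s = ''.join(reversed(digits))
    return '-'.join(s[i:i + group] for i in range(0, len(s), group))

def b27decode(text: str) -> bytes:
    """Accept lower or upper case, with or without separators."""
    s = text.replace('-', '').strip().upper()
    bad = sorted(set(s) - set(B27))
    if bad:   # e.g. O, I, L, S, U, V, 0, 1, 5 are not in the alphabet
        raise ValueError(f'characters outside the base27 alphabet: {bad}')
    n = 0
    for c in s:
        n = n * 27 + INDEX[c]
    nbytes = 0
    while digits_for(nbytes) < len(s):
        nbytes += 1
    if digits_for(nbytes) != len(s) or n >= 256 ** nbytes:
        raise ValueError('not a canonical fixed-width base27 string')
    return n.to_bytes(nbytes, 'big')

def uaid(csi: int, public_key: bytes, nbytes: int = 14) -> str:
    """uaid = h(csi, public_key); hash and framing here are assumptions."""
    digest = hashlib.sha256(csi.to_bytes(2, 'big') + public_key).digest()
    return b27encode(digest[:nbytes])

SAMPLE_KEY = bytes(range(32))   # constructed placeholder, not a real public key
```

Rejecting characters outside the alphabet, rather than mapping `O` to `0` and so on, means a mistyped identifier fails loudly instead of silently decoding to a different key hash.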