Re: [saag] PKIX and related RFCs - definition of Key Packages
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Thu, 17 June 2021 13:07 UTC
Return-Path: <prvs=58025a035a=uri@ll.mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 951493A1F0E;
Thu, 17 Jun 2021 06:07:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001,
SPF_HELO_NONE=0.001, SPF_NONE=0.001, UNPARSEABLE_RELAY=0.001]
autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id hKwBY7hRC9IX; Thu, 17 Jun 2021 06:07:06 -0700 (PDT)
Received: from llmx2.ll.mit.edu (LLMX2.LL.MIT.EDU [129.55.12.48])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id AABE33A1F0D;
Thu, 17 Jun 2021 06:07:06 -0700 (PDT)
Received: from LLE2K16-HYBRD01.mitll.ad.local (LLE2K16-HYBRD01.mitll.ad.local)
by llmx2.ll.mit.edu (unknown) with ESMTPS id 15HD6vd9003207;
Thu, 17 Jun 2021 09:06:57 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none;
b=tChPvZrviKvkwzUEoh+nWD4Y5F/Dg0VxiXkd7hARzXnW62+OHHVxKOIYzREGZ6OGVXMmyWERQ13O9GTaJp7cEkB2GOMwfyPvssbqv/G+JQ/i65In/31gXUOQG7UW6/iAzLFYgJwC6sEREWBFWCSjj8r/jcOIzY8Ysin/mWR1FfKbx0j5r+ORExujxvBgJZO0OHDJ7CUVuJPkUGDJqIB8gPSfz0+l/zWyqSHuAJJnZ2MeZSX4s+pcMOn+hWbpCixH1WrYSOC+aqLVtdO1c+Wj4gCTwG6X2+4D3/Ovp8v14otECZmjxat+G5aFOZLIhbNnqyn7m3UTHDpbjMPYSanULw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector5401;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=m70u6aesdx+v/4KUzt2nyAuAQbHSemqRlwK4yCj+GoM=;
b=uyM/q7x9x0VlFD9Ys7YkakmQg+JNQ/bExHaLQI0EoB1Uxbj0/dz2z3B38FNqj3AnAN/qtlHiYsRycmMtK3rVPwtR9Itn4G6leHVeGIW5pSI79BLGTgfkyZiPzmRZiNGu5qbCMGyBnaGOZOC42Dv2fUEQ4wJfdWPet7FOs+kSNDDHlnVoDVRViALBPTRX1BiAhC3G1ePZOPy5BjMM2+xt5nVvhNg2Ttu1aAqqhPuL/TTK3ToVPsl9eLm2ByOmlxxwnJGvhQlQAl3jeLa/QSoeR9w2qPafMo+TgTb9C8VBGdFLw7+IXld6iuHEQC4PwS2/R6SF4Yp1bQLcvD5hbEd9pQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu;
dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "saag@ietf.org" <saag@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: PKIX and related RFCs - definition of Key Packages
Thread-Index: AQHXYvGmnmRPUPebfEy9d3ZvsQ8nLqsXun25gAAv0QA=
Date: Thu, 17 Jun 2021 13:06:50 +0000
Message-ID: <F1A6EE33-5CEE-4DA2-88D3-A87133F897CF@ll.mit.edu>
References: <B8006164-51AD-4B3B-9CE7-83B0574294F8@ll.mit.edu>
<SY4PR01MB62511B1911DD23ADF0169307EE0E9@SY4PR01MB6251.ausprd01.prod.outlook.com>
In-Reply-To: <SY4PR01MB62511B1911DD23ADF0169307EE0E9@SY4PR01MB6251.ausprd01.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.49.21050901
authentication-results: cs.auckland.ac.nz; dkim=none (message not signed)
header.d=none;cs.auckland.ac.nz; dmarc=none action=none
header.from=ll.mit.edu;
x-originating-ip: [129.55.200.20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3af791c3-dabb-41c7-1884-08d93190c55d
x-ms-traffictypediagnostic: SN5P110MB0574:
x-microsoft-antispam-prvs: <SN5P110MB057403369D2D6FB780E34E1E900E9@SN5P110MB0574.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:3276;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 26mx6zPyOj/MkRXe71GaJKmLgJr0I6UBNr+oVNbbsZS8I2wg6CCRMG7IBCvPAW2uFQ8VG0aE2OfMFG3wrZfw6a1M04FRBhi5LweGqpZPSaZalcplokhbwMYXdAmVN9EcKZK9zDnBumdjJdByhN5NWdcUKup81nbsm5n/DEpfa+rGlHPar2COFjYnbnyrkYpLieRQbOAUTgM9GPHK9ey6Zi8OTFHEghIrhnqwRZLoX25WL5Cu2ebJT3IxFTuzpgATRNStZa2aG1bLgofOy2OnBD+C2SQ8jQ0H8wxlTRM9SmkkprtDI5YCsDn50tOTqjIy4CLIGd8EoR+cnRi79DWnh7J+4wzWUVhmE53hJAh5n2ZUEt1rlSqBg8XCMwqU0D+sqgZb91uRonGoZcMMqDYN2WoP3/hRVS/JZzv6949lUnkeqKHP0/3GuieiH57ONkLU6jDcjIHm3jJfCfNDTtTD55J8fGoVImwsfSuvgvdWlmeWnq83ZugXeKsGgVT5sms0bBhh186/h/apu1gSc/AwIAnt8bjw6aX+6rOBSJ3geO9GygEEHxSeASsw93JQVlLLC1w/Z8+iizIx5M7Bgv6U+Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:SN5P110MB0560.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE;
SFS:(4636009)(396003)(376002)(346002)(366004)(136003)(39850400004)(33656002)(6506007)(8676002)(122000001)(75432002)(38100700002)(86362001)(66446008)(66476007)(76116006)(8936002)(64756008)(66616009)(2616005)(66946007)(71200400001)(66556008)(478600001)(186003)(110136005)(6512007)(6486002)(4326008)(316002)(83380400001)(26005)(99936003)(5660300002)(2906002)(45980500001);
DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: acJhJGW9A8sllkO64T9rO2/VCI3Fv03QyAfRN/K/y0sSzMuImn3/Lt7/O0cmUJUpNXd4J05IKHtr1SaxXWQF+P6L7KvKwJ5CA3MvGWsL9PCrczld4Atvod9+9n6HSre1Xef5r89Cq6LyfisIvteuhiXZP5sVfvFulmHdiZoW4lSHAzjcYDaQxvzqrjJjg90WBsba/mXNS1qkaAtk6vB79izO+0OfuQ+vVkNxamWSV/jo7R6wCr+XHV25HpHOJFY6OIDoUpF6MUqwZ/CV6mvwiIxAcS+SKqb6Y0CpWrq4CUeizHlNESeDai9YK3TV5lnlonxeAV6bZ9uK/uv/F5cxyGzmWZvMJYKFvz763Ddx81UBA/LXuqh4nfBJJ8y4oaYnV+7aV9E8moBryTdg6gF8vKzRwj4cITFuGWqbetqoOOFdEd4NKwhSiUeuiP8oJfTYTvDQ8WfrNnzXXhOX4fu6JOIaPVYPV4Yi0UDimBPNtw2ogedEAtg04VbXe2iz5WwSDpKMx1HIaejhMBjUB7ntlDcY92vN9KiSOqrhoS0709OQUG2YexI5TyaIjqbc+iiBCDuIHLYTM9/kZykELjZnqBe8KbILj+ccO5t3Ygk4oxbcXQnvEKsOnitWa0P090PItS2DRk4TlTZb+nybtfGWxrQG1UERcND8X6z3ACQ08w/kaYwziz7xXMPHaHVfRg6IWXVWA19zYFd5R0wrDrGxBg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
micalg=sha256; boundary="B_3706765606_549334807"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN5P110MB0560.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 3af791c3-dabb-41c7-1884-08d93190c55d
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jun 2021 13:06:50.4030 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN5P110MB0574
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790
definitions=2021-06-17_10:2021-06-15,
2021-06-17 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0
malwarescore=0
phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
engine=8.0.1-2103310000 definitions=main-2106170085
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/lWu1U9y3aLqIoENvTtmefIUmQRA>
Subject: Re: [saag] PKIX and related RFCs - definition of Key Packages
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>,
<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
<mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Jun 2021 13:07:12 -0000
> I think the short answer is that public keys are usually exchanged by sending certificates. I'm not sure I understand - private keys usually are not exchanged at all, and yet there's a whole bunch of ASN.1 stuff describing them. > Raw public keys that are not associated with an identity can lead to subtle security > vulnerabilities (Mallory swaps Mallory's public key for Alice's without Bob noticing). This is supposed to be not about what good a standalone public key is - but about how to represent and encode that public key in an interoperable way. Whether such encoding makes sense outside of any context is a totally different question, which to me seems irrelevant to the main one - how to encode a public key that is not a simple big integer. > Sorry to be the bearer of bad news, but you may be headed for a serious encounter > with X.509, e.g., via RFC 5280. That is indeed bad news, but on the other hand - a good start. __ > >Yet the definitions invest in the details of the private keys, leaving the > >public key as “BIT STRING OPTIONAL”. Why is it so? > > Cargo cult protocol design. Back in the late 1980s someone decided that holes > containing keys had to be BIT STRINGs. So today, thirty-plus years later, > holes containing keys are still (mostly) BIT STRINGs even though what's > present in the hole is always an OCTET STRING. Excellent. That means there's no hidden wisdom in there, and I can (and will) in my design revert this to what Common Sense suggests: an OCTET STRING CONTAINING the specific format/encoding structure that a specific algorithm (e.g., lattice-based) would require for ensuring an app can correctly decode it in an interoperable way. > > A lot of the ASN.1 definitions seem to describe how to package private keys. > > . . . [though] . . . the predominant need appears to be exchanging public > > (not private) keys? > > More cargo cult protocol design. PKCS #8 specified the format for RSA private > keys but nothing else, for the simple reason that there was nothing else at > the time. . . . > > As a result, when you write an RFC specifying the format for public keys for > algorithm X for, for example, S/MIME, you also need to specify the private-key > format even though it has nothing to do with S/MIME. Rot bilong kago. Hmm... What would happen if in a new document I choose not to specify private-key format...? Given the fact that it's (practically) never present on the wire, and compliance/interoperability for its implementation cannot be tested? > (And as a general note, a lot of the WTF?!!? stuff in PKIX is explainable > through cargo cult protocol design, it's not just these two). I see. Thank you very much for explaining - unfortunately, it makes a lot of sense. ☹ On the other hand, it seems to mean that (due to this lack of definitions) there's nothing to be backward-compatible with, so one can (finally, hopefully, maybe) do it right... Thanks!
- [saag] PKIX and related RFCs - definition of Key … Blumenthal, Uri - 0553 - MITLL
- Re: [saag] PKIX and related RFCs - definition of … Peter Gutmann
- Re: [saag] PKIX and related RFCs - definition of … Blumenthal, Uri - 0553 - MITLL
- Re: [saag] PKIX and related RFCs - definition of … Peter Gutmann
- Re: [saag] PKIX and related RFCs - definition of … Russ Housley
- [saag] META Re: PKIX and related RFCs - definitio… Phillip Hallam-Baker
- Re: [saag] [lamps] META Re: PKIX and related RFCs… Blumenthal, Uri - 0553 - MITLL