Re: [Secdispatch] Deterministic generation of public key pairs

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 10 March 2020 17:36 UTC

References: <CAMm+LwhDvpN93TeQYcH07Sgi7xU18MLq8vrb7Azesrc6kvnxXg@mail.gmail.com> <13723.1583861278@localhost>
In-Reply-To: <13723.1583861278@localhost>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Tue, 10 Mar 2020 13:36:14 -0400
Message-ID: <CAMm+LwgVoRW7fcYxjhZS3jXBwgTX0Dgk5E1oGKdwrnNHVwU=1Q@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/hs5bMlOJTu3dlwIyEuQ9wFVd608>
Subject: Re: [Secdispatch] Deterministic generation of public key pairs

On Tue, Mar 10, 2020 at 1:28 PM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

> Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>     > udf config ssh-agent ZAAA-FFQA-3LE5-SAHG-E6K6-HOTN-TVLB-K4A
>
>     > This is a seed that can be written down and can be used to generate a
>     > private keypair using any of the commonly used public key algorithms. So
>     > you can use it for any application where you would use traditional key
>     > escrow.
>
>     > One thing I use this for is to move S/MIME and PGP keys about. Can also
>     > use it to keep a paper back up of whole disk encryption keys etc.
>
>     > The spec (but not the tool yet) also supports Shamir Secret Sharing. I
>     > need to rejig that to match the developments in the threshold spec.
>
>     > So is this something we should do and if so where? This is separable
>     > from the Mesh and does have some functionality overlap. But it also
>     > makes a lot of common sysadmin config much easier.
>
> I think AD sponsorship for the entire UDF document.
> (Not just the deterministic key generation part. Or was that part of your
> goal?)
>

I would like to do the whole doc; I can drop Secure Internet Names, which are a
bit on the edge. The digest function parts could be bikeshedded of course,
but probably not usefully.

> A better name is needed, as there has been snakeoil created that had a
> similar name.
>

I am OK with the IETF calling it anything people like except for Fred.

It isn't really a fingerprint format at this point either.
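As an added illustration of the "written-down seed to key pair" idea from the quoted message (not code from the UDF spec or its tool, and not the derivation UDF actually specifies), the sketch below runs the seed through HKDF with a per-application label and feeds the result to Ed25519. Assumptions: the seed string is treated as opaque ASCII with the dashes stripped rather than decoded as UDF Base32, and the label scheme `ed25519:<application>` is invented here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// WrittenSeed is the seed shown in the quoted message, treated here as an
// opaque ASCII string. Assumption: the real UDF encoding (Base32 with a type
// prefix and check digits) is not decoded; the dashes are just stripped.
const WrittenSeed = "ZAAA-FFQA-3LE5-SAHG-E6K6-HOTN-TVLB-K4A"

// hkdfSHA256 is a minimal HKDF (RFC 5869) with HMAC-SHA-256: extract with a
// zero salt, then expand to n bytes under the given info label.
func hkdfSHA256(ikm, info []byte, n int) []byte {
	salt := make([]byte, sha256.Size)
	m := hmac.New(sha256.New, salt)
	m.Write(ikm)
	prk := m.Sum(nil)
	var out, prev []byte
	for i := byte(1); len(out) < n; i++ {
		m = hmac.New(sha256.New, prk)
		m.Write(prev)
		m.Write(info)
		m.Write([]byte{i})
		prev = m.Sum(nil)
		out = append(out, prev...)
	}
	return out[:n]
}

// DeriveEd25519 turns a written-down seed plus an application label into an
// Ed25519 key pair. The label separates keys, so one seed can back, say, an
// SSH key and a mail signing key without the two being linkable.
func DeriveEd25519(written, application string) (ed25519.PublicKey, ed25519.PrivateKey) {
	ikm := []byte(strings.ReplaceAll(written, "-", ""))
	seed := hkdfSHA256(ikm, []byte("ed25519:"+application), ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DeriveEd25519(WrittenSeed, "ssh-agent")
	sig := ed25519.Sign(priv, []byte("hello"))
	fmt.Println("public key:", hex.EncodeToString(pub))
	fmt.Println("signature verifies:", ed25519.Verify(pub, []byte("hello"), sig))
}
```

Because the whole private key is a function of the seed and the label, the paper copy of the seed is the escrow: anyone holding it can regenerate every key derived from it, which is the point for backup and the risk for custody.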