IETF Logo Mail Archive

Re: [sidr] comments on draft-ietf-sidr-rfc6485bis

Sandra Murphy <sandy@tislabs.com> Mon, 14 April 2014 14:43 UTC

Return-Path: <sandy@tislabs.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4E4D1A044B for <sidr@ietfa.amsl.com>; Mon, 14 Apr 2014 07:43:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.173
X-Spam-Level:
X-Spam-Status: No, score=-2.173 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dFbq2PSdtNwz for <sidr@ietfa.amsl.com>; Mon, 14 Apr 2014 07:43:20 -0700 (PDT)
Received: from walnut.tislabs.com (walnut.tislabs.com [192.94.214.200]) by ietfa.amsl.com (Postfix) with ESMTP id E92ED1A0186 for <sidr@ietf.org>; Mon, 14 Apr 2014 07:43:18 -0700 (PDT)
Received: from nova.tislabs.com (unknown [10.66.1.77]) by walnut.tislabs.com (Postfix) with ESMTP id 8766928B0046 for <sidr@ietf.org>; Mon, 14 Apr 2014 10:43:16 -0400 (EDT)
Received: from [127.0.0.1] (localhost.localdomain [127.0.0.1]) by nova.tislabs.com (Postfix) with ESMTP id 397B41F803D; Mon, 14 Apr 2014 10:43:16 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <E293915D-2FA8-487C-AE8C-15A13263E559@tislabs.com>
Date: Mon, 14 Apr 2014 10:43:15 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <60ECB09C-3502-48CD-A152-076AE5BF6E39@tislabs.com>
References: <E293915D-2FA8-487C-AE8C-15A13263E559@tislabs.com>
To: "sidr@ietf.org" <sidr@ietf.org>
X-Mailer: Apple Mail (2.1510)
Archived-At: http://mailarchive.ietf.org/arch/msg/sidr/8v0TXp-Vx3uplprslU1Ps0fweT8
Cc: Sandra Murphy <sandy@tislabs.com>
Subject: Re: [sidr] comments on draft-ietf-sidr-rfc6485bis
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 14:43:22 -0000

And one "I forgot":

   CAs and RPs SHOULD be capable of supporting a transition to allow for
   the phased introduction of additional encryption algorithms and key
   specifications,

Is this any different than the algorithm agility in RFC6916?  If so, I'd think
a reference would be good. If not, could you explain?

--Sandy, speaking as regular ol' member

On Apr 14, 2014, at 9:21 AM, Sandra Murphy <sandy@tislabs.com> wrote:

> Speaking as regular ol' member
> 
> Some comments on draft-ietf-sidr-rfc6485bis-01.txt
> 
> Most of my comments are related to the attempt to add a new OID to
> RFC6485, which previously had only one to specify.
> 
>      *  The signature algorithm used in certificates, CRLs, and signed
>         objects is RSA Public-Key Cryptography Standards (PKCS) #1
>         Version 1.5 (sometimes referred to as "RSASSA-PKCS1-v1_5") from
>         Section 5 of [RFC4055].
> 
> Except that the signed object signature algorithm OID will be
> rsaEncryption which I think is still PKCS#1v1.5, but is not in section
> 5 of rfc4055.  
> 
>                                                     Hashing algorithms
>         are not identified individually in certificates and CRLs,
> ...
>   For generating and verifying certificates, and CRLs the hashing and
>   digital signature algorithms are referred to together,
> 
> And the PKCS/CMRF signatures?  See comment below.
> 
> 
>   Locations for this OID are as follows:
> 
> The previous text talks about three OIDs, so "this" OID is ambiguous.
> Perhaps you just meant "The places where OIDs appear are:".
> The text that follows would then say "an OID appears", not "the
> OID appears".  Not only is there more than one OID to mention, in some
> of those messages, more than one OID appears in the message.
> 
> [[I think this discussion of "where" could go better above the two prior
> paragraphs that talk about what-goes-in-the-where.]]
> 
>      In a certification request, the OID appears in the PKCS #10
>      signatureAlgorithm field [RFC2986], or in the Certificate Request
>      Message Format (CRMF) POPOSigningKey signature field [RFC4211].
> 
> The PKCS and CRMF uses of crypto algorithms are not mentioned in the
> discussion preceding.  I presume the "the OID" text is left over from
> the original RFC6485 and what was meant was the sha256WithRSAEncryption
> OID.  It looks to me like RC2986 leaves that choice free, so this
> text need to say which
> 
>   For CMS SignedData, the object identifier and parameters for SHA-256
>   in [RFC5754] MUST be used for the SignedData digestAlgorithms field
>   and the SignerInfo digestAlgorithm field when generating and
>   verifying CMS SignedData objects.
> ...
>   RPKI implementations MUST accept CMS SignedData objects that use the
>   object identifier and parameters for either rsaEncryption or
>   sha256WithRSAEncryption for the SignerInfo signatureAlgorithm field
>   when verifying CMS SignedData objects.
> 
> I presume accepting sha256WithRSAEncryption is backward compatibiilty
> - just in case some new implementation should appear that implements
> RFC6485, before this spec is published, right?  Since all known
> implementations currently follow this spec? Personal opinion: maybe
> we should not permit the backward compatibility with some hypothetical
> implementation in this short interval, so future coding errors get
> caught?  Or at least note the reason, so future readers are not confused?
> 
> Nits:
> 
> Repetition:
> 
>                                                     Hashing algorithms
>         are not identified individually in certificates and CRLs, as
>         the identity of the hashing algorithm is combined with the
>         identity of the digital signature algorithm.
> ...
> 
>   For generating and verifying certificates, and CRLs the hashing and
>   digital signature algorithms are referred to together,
> 
> I presume this is just repetition, right?  I always wonder about
> repeated messages - is there a difference I did not notice?  So for
> those similarly anxious, maybe a "as noted above"?  (Or leave out the
> first mention - that section is talking about what algorithms there
> are to specify, you could leave it to later to talk about the format of
> expressing a particular choice of algorithm.  Quibble.)
> 
>   For CMS SignedData, the object identifier and parameters for SHA-256
>   in [RFC5754] MUST be used for the SignedData digestAlgorithms field
>   <etc>
> ...
>      In CMS SignedData, the OID appears in each SignerInfo
>      signatureAlgorithm field, the SignerInfo digestAlgorithm field,
>      and in the SignedData digestAlgorithms [RFC5652]; and,
> 
> I presume this is just repetition (reinforcement, for completeness),
> right?  (There's no difference I just don't see?)
> 
> truly nitty:
> 
> FROM
>   For generating and verifying certificates, and CRLs the hashing
> TO
>   For generating and verifying certificates and CRLs, the hashing
> 
> --Sandy, speaking as regular ol' member

v2.23.0 | Report a Bug | By Email