Re: [sidr] rsaEncryption vs sha256WithRSAEncryption in RPKI certificates

Alvaro Retana <aretana.ietf@gmail.com> Fri, 28 June 2019 21:36 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DBA91202BD; Fri, 28 Jun 2019 14:36:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.996
X-Spam-Level:
X-Spam-Status: No, score=-0.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jem5vs8uLtVk; Fri, 28 Jun 2019 14:36:03 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8B6A12028B; Fri, 28 Jun 2019 14:36:02 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id k8so12514830edr.11; Fri, 28 Jun 2019 14:36:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=hKNuaERLnWsMAYFokY+GA/W+UdB3AJ4x/xfVlkTlU80=; b=M8zdrV0KSivPzS9vYVJLj+/7ZO1IcYsBOW3xSLghzFq1k2/Jf74UqQ1hMnNfkD/ZQe 0xvoUK+1fHv/zmq7KK5MM+7MSoI/sxLgWfeADTS3vDVpCVZAGv3lWhIN4Ez0nyhOJ3XL pGxZWbxidHCNaUR3ZnEzJ7ZuwpOu+361f8KdDZLgPjUg4C08TJTmwDJ7Hvfe1f6B5ti+ NMMSSM3um6tGqLVJzYuyecNxMBixGyNV7qir7iCDX8yxLIGbDgFl9CgUcS/PUqDZycQv Ozv/tB7kELdeOckH0aU+eNyANvE9S7MKYH6+14hcUe0V3jciqdO79B6OfZxjfoRJJ+TC vt9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=hKNuaERLnWsMAYFokY+GA/W+UdB3AJ4x/xfVlkTlU80=; b=m3SJnipKp8ckb4R4MHlBG65HYBEaxU5sfpQjeLSgThBHSlJH7ZboM2YYwJgmlEqNuA GDtQOvrfMnAC3qRyprILLLx+Yht/jcJeXQpnQ+LrO3uL6/EK9y67WuWVdNyZrd5ADah9 F8ffh892G4N7NOaPOoII7fezcQbYcLP5pV7fUKHcSiFxuwj8SPtgg0iNmD2jDRkN33qv 2wa278BOkntKGpCrkJ6gIo5uJEvfOzwHEQbqVJ35m/jdmZEwzlruXe8oPiD6UgLtcv7S ufIcEU21cG3UN04v3OL+UJTNNSR/oz2wiv58QgvnsAlRCei7i4KWyaub6bGTZ6VWK9R3 AzeQ==
X-Gm-Message-State: APjAAAXjMRjEhmKdJTQsK2uMgoOo11PI462bcdrYlw93msKL+XOedcc5 Yhp8OmmUq3VrvfSB1uF6KxFK6wyHfJK9xgZ2glA=
X-Google-Smtp-Source: APXvYqxnodRxn2M+XZQxv6tLriNGiBAEHo6fISM3zC6wNdvLPXXn+MVgdInH1aBv3osECfRffvSP+Owto0sS9qcnrWQ=
X-Received: by 2002:a17:906:401a:: with SMTP id v26mr11020624ejj.62.1561757761484; Fri, 28 Jun 2019 14:36:01 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Fri, 28 Jun 2019 16:36:00 -0500
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <CAA0dE=Wzdrr3kQiM98yehFHKeAafPgoRWQXdg1HoO0Ey0caLLQ@mail.gmail.com>
References: <CAA0dE=VOCvxb_0-pEB8CO=JZ9FShVf=pQ43pCmAeYCf9LRTTcw@mail.gmail.com> <ACD43E1A-5BBC-4710-A3D4-72EA7E1BC79F@vigilsec.com> <CAA0dE=Wzdrr3kQiM98yehFHKeAafPgoRWQXdg1HoO0Ey0caLLQ@mail.gmail.com>
MIME-Version: 1.0
Date: Fri, 28 Jun 2019 16:36:00 -0500
Message-ID: <CAMMESsxYwV48N9pa0vuFP01DTJxx67zt4PFSr7OxPZHsj+83xQ@mail.gmail.com>
To: Alberto Leiva <ydahhrk@gmail.com>, Russ Housley <housley@vigilsec.com>
Cc: IETF SIDR <sidr@ietf.org>, SIDR Operations WG <sidrops@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000099399f058c6910d5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/CovVSvKe3-XwWfxBHXYOmL3KlBU>
Subject: Re: [sidr] rsaEncryption vs sha256WithRSAEncryption in RPKI certificates
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2019 21:36:06 -0000

[Adding sidrops.]

Hi!

I was just looking at this report…
https://www.rfc-editor.org/errata_search.php?rfc=7935

The report says: "All existing RPKI readers and writers that I've seen, as
well as the global RPKI repository certificates themselves, currently use
rsaEncryption as the public key algorithm of subjectPublicKeyInfo.
Therefore, this change should also reflect existing practice.”

It turns out that rfc8208, and then rfc8608 Updated rfc7935…the resulting
text is:

   o  algorithm (an AlgorithmIdentifier type): The id-ecPublicKey OID
      MUST be used in the algorithm field, as specified in Section 2.1.1
      of [RFC5480].  The value for the associated parameters MUST be
      secp256r1, as specified in Section 2.1.1.1 of [RFC5480].


The erratum was filed in May of this year, and rfc8608 was published in
June.

Does the report apply to rfc8608, or does the information there reflect
existing practice?

Thanks!

Alvaro.

On May 23, 2019 at 2:17:17 PM, Alberto Leiva (ydahhrk@gmail.com) wrote:

I see. Is this erratum-worthy?

On Thu, May 23, 2019 at 11:23 AM Russ Housley <housley@vigilsec.com>; wrote:
>
>
>
> > On May 22, 2019, at 6:18 PM, Alberto Leiva <ydahhrk@gmail.com>; wrote:
> >
> > Hello
> >
> > Another question.
> >
> > RFC 7935 states the following:
> >
> > 3.1. Public Key Format
> >
> > (...)
> >
> > algorithm (which is an AlgorithmIdentifier type):
> > The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be
> > used in the algorithm field, as specified in Section 5 of
> > [RFC4055]. The value for the associated parameters from that
> > clause MUST also be used for the parameters field.
> >
> > I've never seen a certificate that declares sha256WithRSAEncryption ({
> > pkcs-1 11 }) as its public key algorithm. Every certificate I've come
> > across labels its algorithm as rsaEncryption ({ pkcs-1 1 }).
> >
> > (Certificates always define the signature algorithm as
> > sha256WithRSAEncryption, but that's a different field.)
> >
> > Is everyone doing it wrong, or am I missing something?
> >
> > I'm aware that this is likely a triviality--rsaEncryption and
> > sha256WithRSAEncryption probably mean the same in this context.
> > There's also a thread in this list in which people seem to have
> > experienced headaches over this topic. But the thread is talking about
> > CMS signed objects (which I believe is different from certificates),
> > and happened before 7935 was released, so it feels like the RFC should
> > mandate something consistent with reality by now.
> >
> > Thanks for any pointers.
>
> You are right.
>
> In the subjectPublicKeyInfo, the algorithm identifier should be
rsaEncryption, which is { 1, 2, 840, 113549, 1, 1, 1 }. This allow the
public key to be used with PKCS#1 v1.5, RSASSA-PSS, and RSAES-OAEP.
>
> In the signature, the algorithm identifier should be
sha256WithRSAEncryption, which is { 1, 2, 840, 113549, 1, 1, 11 }. This
identifies PKCS#1 v1.5 with SHA-256 as the hash algorithm.
>
> Russ
>
>

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr