Re: [lamps] LAMPS sample keys and certificates
Russ Housley <housley@vigilsec.com> Fri, 22 November 2019 00:34 UTC
From: Russ Housley <housley@vigilsec.com>
Date: Thu, 21 Nov 2019 19:34:12 -0500
Cc: LAMPS WG <spasm@ietf.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/HU-tJyfQ29oozXeyPT_n9Ov2j30>
Subject: Re: [lamps] LAMPS sample keys and certificates

DKG:

The perl script does yield the binary data, but the document does not use PEM format.

Russ

> On Nov 21, 2019, at 3:14 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>
> Signed PGP part
> On Thu 2019-11-21 23:21:57 +0800, Sean Turner wrote:
>> Showing signs of age based on algorithm choices, but there is also:
>>
>> https://datatracker.ietf.org/doc/rfc4134/
>
> Thanks for this pointer!  I had looked for something like this, and even
> cornered Paul to ask him if he remembered writing such a thing, but came
> up empty.
>
> I now see why i missed it in my earlier searches -- i was assuming that
> there would be a PEM-encoded form of the key and certificate objects,
> and had searched for PEM headers but did not find them.  It's
> interesting that there are no PEM-encoded objects here, just the output
> of dumpasn1 and a weird custom base64-encoded form in appendix B!
>
> I agree with you that the algorithm choices are on the weaker side here
> (1024-bit RSA and DSS!), so i'm inclined to continue work on the new
> document, to have relatively modern certs to use for newer examples.
>
> I'll definitely include a reference to this earlier work, though.
>
>        --dkg
>
> PS i've updated draft-dkg-lamps-sample-certs to use RSA (i'd originally
> tried to use RSA-PSS, but ran into trouble with using that in some
> tests), and to have the keyEncipherment flag set (rather than the
> dataEncipherment flag, which i had mistakenly set).
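
The keyEncipherment/dataEncipherment mix-up mentioned in the quoted PS is a one-bit difference in the DER-encoded KeyUsage extension value. The following is an added example, not code from the thread or from either draft: it decodes a KeyUsage BIT STRING into the flag names defined in RFC 5280, and the sample byte strings in the comments are constructed for illustration.

```python
# KeyUsage named bits from RFC 5280, section 4.2.1.3 (bit 0 first).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]


def decode_key_usage(der: bytes) -> list[str]:
    """Return the flag names set in a DER-encoded KeyUsage BIT STRING.

    Expects the extension value itself: tag 0x03, a short-form length,
    the unused-bits octet, then the bit content. Bit 0 is the most
    significant bit of the first content octet.
    """
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused = der[2]
    content = der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("invalid unused-bits octet")

    nbits = len(content) * 8 - unused
    names = []
    for i in range(min(nbits, len(KEY_USAGE_BITS))):
        if content[i // 8] & (0x80 >> (i % 8)):
            names.append(KEY_USAGE_BITS[i])
    return names


if __name__ == "__main__":
    # Constructed sample values, not taken from any certificate in the drafts.
    samples = {
        "keyEncipherment only": bytes.fromhex("03020520"),
        "dataEncipherment only": bytes.fromhex("03020410"),
        "digitalSignature + keyEncipherment": bytes.fromhex("030205a0"),
    }
    for label, value in samples.items():
        print(f"{label}: {value.hex()} -> {decode_key_usage(value)}")
```
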