Re: [lamps] LAMPS sample keys and certificates
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 21 November 2019 20:34 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 785221208E8 for <spasm@ietfa.amsl.com>; Thu, 21 Nov 2019 12:34:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=KmY4wVqP; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=TJ7djlYv
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jjAlSyK3tVbB for <spasm@ietfa.amsl.com>; Thu, 21 Nov 2019 12:34:12 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D70FE1200B1 for <spasm@ietf.org>; Thu, 21 Nov 2019 12:34:11 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1574368450; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=/DCZZK1bnLicrmtl8b2NBPQ4hdUZAndoZhOkzaLW3G0=; b=KmY4wVqPUVu3ruDhni/hjbBSt51Avpa3yzQ5G52ef+kWM+G/tklNgZ3t ttp/FvK+x+kE+siZg/ddWE5c75KbDw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1574368450; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=/DCZZK1bnLicrmtl8b2NBPQ4hdUZAndoZhOkzaLW3G0=; b=TJ7djlYvOeoUfCw0KXkpItmsaKVqbzVOF748FWwShNm1jemWpAsbc8ID Z8cb3nA/DV1gwt9f0cdEhtsshLpU4y0cOu6Vu0ViyhpINiCURSINqZMnFD 09nhk83HwOzCwzOMyiXuMP8Iln7bnEaEXpPziRRuIbeXxS9GVrfu/0z0Ss nOnC8nDPd4Ng/XPv/hU38255CCOKB280U15/IAy+uogfFthVnBVo/AwAM5 JGDLveUtPrapgAvjx2i+18iLdh5sk3MTLcX6sSlSyNy4pl9eUL4BH0hxSa hufEM61cugpy8gtbYXu9zJb9JvQMngYZ86g01j9BZfX3mn34ZkF6jw==
Received: from fifthhorseman.net (unknown [182.55.86.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 6E5A6F9B0; Thu, 21 Nov 2019 15:34:09 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 0CDD8204D2; Fri, 22 Nov 2019 04:14:17 +0800 (+08)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Sean Turner <sean@sn3rd.com>
Cc: LAMPS WG <spasm@ietf.org>
In-Reply-To: <A85E1AD0-709C-4771-A49F-073E98DA10B7@sn3rd.com>
References: <878sodm0j3.fsf@fifthhorseman.net> <F134E036-6E20-474A-8D7D-6680186C396D@redhoundsoftware.com> <A85E1AD0-709C-4771-A49F-073E98DA10B7@sn3rd.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Fri, 22 Nov 2019 04:14:16 +0800
Message-ID: <8736ehj8br.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/PWisPoEQ-Q_qHd089znwpcU5H2E>
Subject: Re: [lamps] LAMPS sample keys and certificates
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 20:34:14 -0000
On Thu 2019-11-21 23:21:57 +0800, Sean Turner wrote: > Showing signs of age based on algorithm choices, but there is also: > > https://datatracker.ietf.org/doc/rfc4134/ Thanks for this pointer! I had looked for something like this, and even cornered Paul to ask him if he remembered writing such a thing, but came up empty. I now see why i missed it in my earlier searches -- i was assuming that there would be a PEM-encoded form of the key and certificate objects, and had searched for PEM headers but did not find them. It's interesting that there are no PEM-encoded objects here, just the output of dumpasn1 and a weird custom base64-encoded form in appendix B! I agree with you that the algorithm choices are on the weaker side here (1024-bit RSA and DSS!), so i'm inclined to continue work on the new document, to have relatively modern certs to use for newer examples. I'll definitely include a reference to this earlier work, though. --dkg PS i've updated draft-dkg-lamps-sample-certs to use RSA (i'd originally tried to use RSA-PSS, but ran into trouble with using that in some tests), and to have the keyEncipherment flag set (rather than the dataEncipherment flag, which i had mistakenly set).
- [lamps] LAMPS sample keys and certificates Daniel Kahn Gillmor
- Re: [lamps] LAMPS sample keys and certificates Ryan Sleevi
- Re: [lamps] LAMPS sample keys and certificates Carl Wallace
- Re: [lamps] LAMPS sample keys and certificates Salz, Rich
- Re: [lamps] LAMPS sample keys and certificates Daniel Kahn Gillmor
- Re: [lamps] LAMPS sample keys and certificates Sean Turner
- Re: [lamps] LAMPS sample keys and certificates Daniel Kahn Gillmor
- Re: [lamps] LAMPS sample keys and certificates Russ Housley
- Re: [lamps] LAMPS sample keys and certificates Russ Housley
- Re: [lamps] LAMPS sample keys and certificates Daniel Kahn Gillmor
- Re: [lamps] LAMPS sample keys and certificates Russ Housley
- Re: [lamps] LAMPS sample keys and certificates Daniel Kahn Gillmor
- Re: [lamps] LAMPS sample keys and certificates Russ Housley
- Re: [lamps] LAMPS sample keys and certificates Daniel Kahn Gillmor
- Re: [lamps] LAMPS sample keys and certificates Russ Housley