Re: [lamps] [saag] PKIX and related RFCs - definition of Key Packages

Sean Turner <sean@sn3rd.com> Mon, 21 June 2021 15:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/V1D1oPcCnQ1qSRgpEav7hExDJXE>

-saag

> On Jun 16, 2021, at 16:53, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:
> 
> Yet the definitions invest in the details of the private keys, leaving the public key as “BIT STRING OPTIONAL”. Why is it so?

Uri,

In ECPrivateKey, publicKey is OPTIONAL because that’s the way it was defined in the SECG specifications (see c.4 of SEC1). The text in c.4 leads me to believe the entire structure was created to support providing CA-generated keys to the EE. If the CA creates the keys and generates a certificate, there is no need to return the raw public key in the structure; you can get the public key from the certificate.

In OneAsymmetricKey, I followed the same pattern.

As far as identifying the PublicKey serialization, why can’t you use the algorithm identifier?

spt
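
The optional publicKey field discussed in this message, as an added example that is not part of the original thread: a minimal DER walk of ECPrivateKey (field layout as in RFC 5915) over two constructed encodings, one without publicKey, as in the CA-generated case described above, and one with it. Helper names and all sample bytes are assumptions made for illustration.

```python
# Added example (not from the thread); helper names are illustrative.
def read_tlv(buf, pos):                    # -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_ec_private_key(der):             # optional fields are None if absent
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02 or version != b"\x01":
        raise ValueError("expected version 1")
    tag, priv, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING privateKey")
    out = {"privateKey": priv, "parameters": None, "publicKey": None}
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0xA0 and out["parameters"] is None and out["publicKey"] is None:
            out["parameters"] = val        # [0] EXPLICIT: inner curve OID TLV
        elif tag == 0xA1 and out["publicKey"] is None:
            t, bits, _ = read_tlv(val, 0)  # [1] EXPLICIT: inner BIT STRING
            if t != 0x03 or bits[:1] != b"\x00":
                raise ValueError("expected BIT STRING, 0 unused bits")
            out["publicKey"] = bits[1:]
        else:
            raise ValueError("unexpected element 0x%02x" % tag)
    return out

def tlv(tag, value):                       # short-form builder for the samples
    return bytes([tag, len(value)]) + value

# Constructed sample values: not a real key pair, the point bytes are filler.
PRIV = bytes(range(1, 33))
CURVE = bytes.fromhex("06082a8648ce3d030107")          # OID prime256v1
POINT = b"\x04" + bytes(64)
BASE = tlv(0x02, b"\x01") + tlv(0x04, PRIV) + tlv(0xA0, CURVE)
CA_STYLE = tlv(0x30, BASE)                 # publicKey omitted
FULL = tlv(0x30, BASE + tlv(0xA1, tlv(0x03, b"\x00" + POINT)))
```

A consumer that receives the first form has to obtain the public key elsewhere, for example from the accompanying certificate, so code reading this structure should treat a `None` publicKey as a normal case rather than an error.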