Re: [lamps] I-D Action: draft-ietf-lamps-8410-ku-clarifications-00.txt
Corey Bonnell <Corey.Bonnell@digicert.com> Fri, 25 March 2022 10:54 UTC
From: Corey Bonnell <Corey.Bonnell@digicert.com>
To: Sean Turner <sean@sn3rd.com>, SPASM <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZVxbmx7k0vKtGe55SCBDIICTsjE>
Hi Sean,

Section 3 says:

"If the keyUsage extension is present in an end-entity certificate that indicates id-Ed25519 or id-Ed448 in SubjectPublicKeyInfo, then the keyUsage extension MUST contain one or both of the following:

    nonRepudiation; and
    digitalSignature;

the following MAY also be present:

    cRLSign;"

In the case of CRL issuer certificates, it is acceptable to solely include "cRLSign"; the NR/DS bits are not needed. I suggest rewording this passage to:

"If the keyUsage extension is present in an end-entity certificate that indicates id-Ed25519 or id-Ed448 in SubjectPublicKeyInfo, then the keyUsage extension MUST include at least one of the following:

    nonRepudiation;
    digitalSignature; and
    cRLSign;"

Thanks,
Corey

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Sean Turner
Sent: Friday, March 25, 2022 6:42 AM
To: SPASM <spasm@ietf.org>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-8410-ku-clarifications-00.txt

Hi! This is the initial WG version. The only diff from the individual -01 is the editorial correction noted on list:

https://www.ietf.org/rfcdiff?url1=draft-mtis-lamps-8410-ku-clarifications&url2=https://lamps-wg.github.io/8410-ku-clarifications/draft-ietf-lamps-8410-ku-clarifications.txt

Cheers,
spt

> On Mar 24, 2022, at 21:48, internet-drafts@ietf.org wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.
>
>        Title           : Clarifications for Ed25519, Ed448, X25519, and X448 Algorithm Identifiers
>        Authors         : Sean Turner
>                          Simon Josefsson
>                          Daniel McCarney
>                          Tadahiko Ito
>        Filename        : draft-ietf-lamps-8410-ku-clarifications-00.txt
>        Pages           : 5
>        Date            : 2022-03-24
>
> Abstract:
>    This document updates RFC 8410 to clarify existing and specify
>    missing semantics for key usage bits when used in certificates that
>    support the Ed25519, Ed448, X25519, and X448 Elliptic Curve
>    Cryptography algorithms.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-8410-ku-clarifications/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-lamps-8410-ku-clarifications-00.html
>
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
>
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
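The difference between the two wordings quoted in the message above, as an added example (not part of the original message or of the draft): it decodes a DER-encoded keyUsage BIT STRING and evaluates both versions of the Section 3 requirement. The function names and sample values are constructed for illustration, and only the "at least one of" requirement quoted in the message is modelled; bit positions follow the KeyUsage definition in RFC 5280.

```python
# Added example: compares the two Section 3 wordings quoted in this thread.
# Bit positions are the KeyUsage named bits from RFC 5280, Section 4.2.1.3.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

def decode_key_usage(der: bytes) -> set:
    """Decode a DER BIT STRING (the keyUsage extension value) into bit names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length >= 0x80 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, body = der[2], der[3:]
    if unused > 7 or (not body and unused):
        raise ValueError("bad unused-bits count")
    nbits = len(body) * 8 - unused
    names = set()
    for i in range(min(nbits, len(KEY_USAGE_BITS))):
        # DER numbers bits from the most significant bit of the first octet.
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def ok_draft_00(bits: set) -> bool:
    """Draft -00 text: MUST contain one or both of nonRepudiation, digitalSignature."""
    return bool(bits & {"nonRepudiation", "digitalSignature"})

def ok_proposed(bits: set) -> bool:
    """Proposed rewording: at least one of nonRepudiation, digitalSignature, cRLSign."""
    return bool(bits & {"nonRepudiation", "digitalSignature", "cRLSign"})

# Constructed sample keyUsage values (DER), not taken from real certificates.
SAMPLES = {
    "signing EE (digitalSignature)": bytes.fromhex("03020780"),
    "CRL issuer (cRLSign only)": bytes.fromhex("03020102"),
    "digitalSignature + cRLSign": bytes.fromhex("03020182"),
    "keyAgreement only": bytes.fromhex("03020308"),
}

def compare() -> dict:
    """Map each sample to (passes draft -00 text, passes proposed text)."""
    return {name: (ok_draft_00(decode_key_usage(der)), ok_proposed(decode_key_usage(der)))
            for name, der in SAMPLES.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:32} draft-00={a!s:5} proposed={b}")
```

The cRLSign-only sample is the case raised in the message: it fails the draft -00 wording and passes the proposed one.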