IETF Logo Mail Archive

[lamps] CSRATTRS specifying the SAN

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 09 June 2021 20:15 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D33F3A2488; Wed, 9 Jun 2021 13:15:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id no7RfsdiSGsh; Wed, 9 Jun 2021 13:15:29 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BD123A2489; Wed, 9 Jun 2021 13:15:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 82C2738ACE; Wed, 9 Jun 2021 16:16:15 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id aBkjM-Ce53Wl; Wed, 9 Jun 2021 16:16:14 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 86D5838AB6; Wed, 9 Jun 2021 16:16:14 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id DEB93486; Wed, 9 Jun 2021 16:15:25 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: spasm@ietf.org
CC: anima@ietf.org, max pritikin <pritikin@cisco.com>
In-Reply-To: <MW3PR11MB47462121627A10A62E006497DB369@MW3PR11MB4746.namprd11.prod.outlook.com>
References: <83844291-5785-434E-8956-3FF81ECD761C@cisco.com> <9820.1618358856@localhost> <MW3PR11MB47462121627A10A62E006497DB369@MW3PR11MB4746.namprd11.prod.outlook.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 09 Jun 2021 16:15:25 -0400
Message-ID: <26435.1623269725@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/tmBzgN4wHkzm5Z7lxmRD3kKhNJ0>
Subject: [lamps] CSRATTRS specifying the SAN
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jun 2021 20:15:35 -0000

Eliot has suggested that:
      https://datatracker.ietf.org/doc/html/rfc7030#section-4.5.2
does not appear to allow the returned CSR Attributes to contain a value.
Please correct me if I'm understanding the problem wrong.

RFC8994 assignment of IPv6 ULA can not, as far as I can understand, work
without assigning a value.  The Registrar must allocate a prefix for the new
ACP node, and this has to go into the CSR in order for the CA to sign it.

(Yes, the Registrar has to *check* that the CSR contains the right value along
the way too.  Yes, if the Registrar is ALSO the CA, then it can shortcut, but
that's not in general true)

My unit testing code is at:
  https://github.com/AnimaGUS-minerva/fountain/blob/master/spec/models/csr_attributes_spec.rb


I found the ASN.1 code in section 4.5.2 beyond my understanding, so I muddled
through, since fortunately, there was an example.

   CsrAttrs ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
   AttrOrOID ::= CHOICE (oid OBJECT IDENTIFIER, attribute Attribute }
   Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
        type   ATTRIBUTE.&id({IOSet}),
        values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) }

What I think that this says is that one can have:
  a) a Sequence of stuff.
  b) the stuff is either an OID.
  c) or the stuff is a SEQUENCE [ type, value ].

The complicated &id... is just saying that when you have some attribute type
"FOO", then you can have the things that would be valid as values.  I'm
actually rather amazed at this level of meta-programming. (Can CDDL do that?)

An example is provided:
   MEEGCSqGSIb3DQEJBzASBgcqhkjOPQIBMQcGBSuBBAAiMBYGCSqGSIb3DQEJDjEJ
   BgcrBgEBAQEWBggqhkjOPQQDAw==

%echo 'MEEGCSqGSIb3DQEJBzASBgcqhkjOPQIBMQcGBSuBBAAiMBYGCSqGSIb3DQEJDjEJBgcrBgEBAQEWBggqhkjOPQQDAw==' | base64 -d | dumpasn1 -
  0  65: SEQUENCE {
  2   9:   OBJECT IDENTIFIER challengePassword (1 2 840 113549 1 9 7)
 13  18:   SEQUENCE {
 15   7:     OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
 24   7:     SET {
 26   5:       OBJECT IDENTIFIER secp384r1 (1 3 132 0 34)
       :       }
       :     }
 33  22:   SEQUENCE {
 35   9:     OBJECT IDENTIFIER extensionRequest (1 2 840 113549 1 9 14)
 46   9:     SET {
 48   7:       OBJECT IDENTIFIER '1 3 6 1 1 1 1 22'
       :       }
       :     }
 57   8:   OBJECT IDENTIFIER ecdsaWithSHA384 (1 2 840 10045 4 3 3)
       :   }


At 2, we have the OID "challengePassword", which tells the client that this
attribute should be included (that's [b]).
At 13-26, we have an attributed, ecPublicKey, with a *value* secp384r1.
This tells the client what kind of things to sign with.  (that's [c])
At 33, we have extensionRequest with oid value 1.3.6.1.1.1.1.22. (also [c])
Finally, at 57, we have just the attribute ecdsaWithSHA384, which is telling
the client to use SHA2-384.

In order to get this all right, I used the example above, made sure I could
decode it, and then made sure that I could encode exactly that.

I have an example building the subjectAltName rfc822Name (yes, my code hasn't
caught up to otherName as specified in RFC8994 yet) which is:

obiwan-[projects/pandora/fountain](2.6.6) mcr 10263 %dumpasn1 tmp/hellobulb0.der
  0  32: SEQUENCE {
  2  30:   SEQUENCE {
  4   3:     OBJECT IDENTIFIER subjectAltName (2 5 29 17)
  9  23:     SET {
 11  21:       SEQUENCE {
 13  19:         [1] {
 15  17:           UTF8String 'hello@example.com'
       :           }
       :         }
       :       }
       :     }
       :   }

I don't know what the [1] is actually, but possibly that's the rfc822Name.
Yup, it is:
  #        rfc822Name                      [1]     IA5String,   <-- this one

So, I think that I'm entirely within spec for CSR Attributes, and I'd like to
understand more from Owen and Eliot as to what problems they are having with
CSR Attributes.

Eliot has suggested we do it all in JSON (CBOR?), and I would certainly be
happy with that.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email