Re: [TLS] AD review of draft-ietf-tls-oob-pubkey
Bert Greevenbosch <Bert.Greevenbosch@huawei.com> Tue, 14 May 2013 03:31 UTC
Return-Path: <Bert.Greevenbosch@huawei.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64CC011E80E8 for <tls@ietfa.amsl.com>; Mon, 13 May 2013 20:31:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.347
X-Spam-Level:
X-Spam-Status: No, score=-3.347 tagged_above=-999 required=5 tests=[AWL=3.252, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LagumSTN4NRp for <tls@ietfa.amsl.com>; Mon, 13 May 2013 20:31:10 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 3D3A011E80E9 for <tls@ietf.org>; Mon, 13 May 2013 20:31:09 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml203-edg.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.5-GA FastPath queued) with ESMTP id ARI79413; Tue, 14 May 2013 03:31:07 +0000 (GMT)
Received: from LHREML405-HUB.china.huawei.com (10.201.5.242) by lhreml203-edg.huawei.com (172.18.7.221) with Microsoft SMTP Server (TLS) id 14.1.323.7; Tue, 14 May 2013 04:30:38 +0100
Received: from SZXEML460-HUB.china.huawei.com (10.82.67.203) by lhreml405-hub.china.huawei.com (10.201.5.242) with Microsoft SMTP Server (TLS) id 14.1.323.7; Tue, 14 May 2013 04:31:05 +0100
Received: from szxeml558-mbx.china.huawei.com ([169.254.7.35]) by szxeml460-hub.china.huawei.com ([10.82.67.203]) with mapi id 14.01.0323.007; Tue, 14 May 2013 11:30:58 +0800
From: Bert Greevenbosch <Bert.Greevenbosch@huawei.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Thread-Topic: [TLS] AD review of draft-ietf-tls-oob-pubkey
Thread-Index: AQHOOquXB6gmMdKeDUqi+SEmVk8DaZj7EfaAgAHQbICAAHyNAIAGzRgA
Date: Tue, 14 May 2013 03:30:57 +0000
Message-ID: <46A1DF3F04371240B504290A071B4DB63D7272A9@szxeml558-mbx.china.huawei.com>
References: <516D5ADE.3050506@ieca.com> <A95B4818FD85874D8F16607F1AC7C628BCDCF4@xmb-rcd-x09.cisco.com> <518BFECB.8050501@fifthhorseman.net> <A95B4818FD85874D8F16607F1AC7C628BE391F@xmb-rcd-x09.cisco.com>
In-Reply-To: <A95B4818FD85874D8F16607F1AC7C628BE391F@xmb-rcd-x09.cisco.com>
Accept-Language: en-GB, zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.66.162.63]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "<tls@ietf.org>" <tls@ietf.org>, "<draft-ietf-tls-oob-pubkey@tools.ietf.org>" <draft-ietf-tls-oob-pubkey@tools.ietf.org>
Subject: Re: [TLS] AD review of draft-ietf-tls-oob-pubkey
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 May 2013 03:31:16 -0000
[Joe] I agree, but to your point above would you want to restrict the use of an extension that could easily be extended to use a different mechanism in the future? I think here we would probably want to add text to the document to say that this document does not cover how revocation either.
"Revocation of keys is not covered by this document. Specifications that make use of this extension need to describe if and how revocation of keys is performed. At the time of this document's publication, OCSP does not support the revocation of raw public keys so [TLS-OCSP] and [TLS-MULTI_OCSP] do not apply. "
[Bert] I wonder if it would make sense to add some kind of a meta field as follows:
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
meta OCTET STRING
}
This could then be used to provide meta information about the public key, e.g. information that may be needed by an out of band authentication method. The field could be ignored by default, unless the particular trust model requires differently.
I guess DER encoding also allows addition of unspecified fields, but I am not sure if they will be ignored or lead to exceptions.
- [TLS] AD review of draft-ietf-tls-oob-pubkey Sean Turner
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Bert Greevenbosch
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Salz, Rich
- [TLS] Revocation and authentication of raw public… Bert Greevenbosch
- Re: [TLS] Revocation and authentication of raw pu… Paul Wouters
- Re: [TLS] Revocation and authentication of raw pu… Salz, Rich
- Re: [TLS] Revocation and authentication of raw pu… Bert Greevenbosch
- Re: [TLS] Revocation and authentication of raw pu… Trevor Perrin
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Joseph Salowey (jsalowey)
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Daniel Kahn Gillmor
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Joseph Salowey (jsalowey)
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Bert Greevenbosch
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Sean Turner
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Sean Turner
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Sean Turner