Re: [TLS] I-D Action: draft-ietf-tls-oob-pubkey-08.txt

Hauke Mehrtens <hauke@hauke-m.de> Sat, 20 July 2013 15:29 UTC

Hi Hannes,

On 07/18/2013 02:19 PM, Hannes Tschofenig wrote:
> Hi Hauke,
> 
> thanks for your quick review.
> 
> 
>> Thanks for the new draft.
> 
>> I have some comments to this version:
> 
>> RFC 5480 defines a lot more OIDs which could be used as an
>> algorithm OID than listed in Figure 3. ECDSA defines a different
>> OID for every standardized curve. I think naming the OID in
>> Figure 3 should be removed and there should just be a pointer to
>> the RFC. It should also be made clear that there could be further
>> RFCs than RFC 3279, RFC3279 and RFC5480 defining OIDs used in the
>> SubjectPublicKeyInfo, like RFCs defining a new public key type.
> 
> You are right that (a) there may be more OIDs defined in the future
> and that (b) RFC 5480 defines more OIDs than the single one listed
> in the table. However, the table just lists examples to illustrate
> common cases for the reader. I could, however, add a sentence to
> point out that these are just examples and more OIDs exist.

Thanks for adding the sentence that makes it clear.

> 
>> Could you add some list definition where the numbers assigned by
>> the IANA should be added later. I like how it is done in 
>> draft-mcgrew-tls-aes-ccm-ecc-06 for the CipherSuites [0].
> 
> The above-mentioned draft uses a different registry but I guess you
> are asking for a snapshot of the current registry. For example,
> something like this:
> 
> ------------------------------------------------------
> Value     Description                Reference
> 0         X.509                      [RFC6091]
> 1         OpenPGP                    [RFC6091]
> 3         Raw Public Key             [This RFC]
> 3-223     Unassigned
> 224-255   Reserved for Private Use   [RFC6091]
> ------------------------------------------------------
> 
> Is this correct?

Isn't the final number added to the draft at the end of the
standardization process? I was just thinking about adding a placeholder
for that number in the draft. For the Certificate Type there is already
the expected number added in the draft, but for the
server_certificate_type and client_certificate_type there is a
placeholder missing.

>> Are there some intermediate version of this draft available, like
>> a public readable svn repository where the work on this draft is
>> happening?
> 
> Yes; here is the git repository: 
> https://github.com/hannestschofenig/tschofenig-ids/tree/master/raw-public-keys

Thanks for the link.

Hauke
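
Added example, not part of the original message or of the draft: a minimal Python DER reader that shows which fields of a SubjectPublicKeyInfo carry the algorithm OID and, for EC keys encoded per RFC 5480, the named-curve OID. The function names and both sample keys (dummy key material) are constructed for illustration.

```python
# Added example: pull the AlgorithmIdentifier out of a DER SubjectPublicKeyInfo.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give octet count
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first two arcs share one subidentifier
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def spki_algorithm(spki):
    """Return (algorithm OID, parameters OID or None, raw key bytes)."""
    tag, outer, end = read_tlv(spki, 0)
    if tag != 0x30 or end != len(spki):
        raise ValueError("expected exactly one DER SEQUENCE")
    tag, alg_id, pos = read_tlv(outer, 0)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    tag, oid, ppos = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected algorithm OBJECT IDENTIFIER")
    params = None                          # stays None for NULL parameters (RSA)
    if ppos < len(alg_id):
        ptag, pval, _ = read_tlv(alg_id, ppos)
        params = decode_oid(pval) if ptag == 0x06 else None
    tag, bits, pos = read_tlv(outer, pos)
    if tag != 0x03 or pos != len(outer) or not bits:
        raise ValueError("expected subjectPublicKey BIT STRING")
    return decode_oid(oid), params, bits[1:]   # drop the unused-bits octet

# Constructed samples (dummy key material, not from the thread).
P256_SPKI = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200") + b"\x04" + bytes(64)
RSA_SPKI = bytes.fromhex("301a300d06092a864886f70d01010105000309003006020123020103")
```

A receiver of a raw public key would run a check like this before handing the key bytes to a crypto library, rejecting any algorithm or curve OID it has not been configured to accept.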