Re: [TLS] [pkix] Updated EdDSA/Ed25519 PKIX document

"Manger, James" <James.H.Manger@team.telstra.com> Thu, 24 September 2015 03:23 UTC


Hi Simon, two technical typos:

The example cert in 8.2 has the wrong OID for the signature.
Cert has { 1 3 101 100 1 } [encoding 06 04 2B656401]
Text has { 1 3 101 101 }   [encoding 06 03 2B6565]   for id-EdDSASignature

OIDs use space-separated (not dot-separated) numbers in ASN.1.
Section 4:
Wrong { 1.3.101.100 }
Right { 1 3 101 100 }
Section 7:
Wrong { 1.3.101.101 }
Right { 1 3 101 101 }


The cert's notBefore field is a UTCTime value (2-digit year), while the notAfter field is a GeneralizedTime value (4-digit year). I don't think I have seen that before, but it is valid.

--
James Manger


-----Original Message-----
From: pkix [mailto:pkix-bounces@ietf.org] On Behalf Of Simon Josefsson
Sent: Wednesday, 23 September 2015 6:33 PM
To: pkix@ietf.org; tls@ietf.org
Subject: [pkix] Updated EdDSA/Ed25519 PKIX document

Hi all,

I have pushed out a new version of the document describing EdDSA public keys, signatures and certificates for PKIX.  The changes in -03 include the addition of the prehash mode, test vectors generated by GnuTLS, and a section recommending certain human readable names.

https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-03

I've started a thread to discuss whether it is worthwhile to be able to use the same Ed25519 key for both PureEdDSA mode and HashEdDSA signing, and I'd appreciate feedback on whether people are interested in this and generally if it is a good idea or not.  The complexity involved makes me shy away a bit from it, but it is fun to consider.  The thread is here:
https://moderncrypto.org/mail-archive/curves/2015/000630.html

/Simon
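
Added example (not part of either message, nor code from the draft): a minimal DER OBJECT IDENTIFIER encoder/decoder in Python that reproduces the two encodings quoted in the reply above and prints OIDs in the space-separated ASN.1 value notation. The function names are hypothetical, and only short-form lengths (up to 127 content bytes) are handled.

```python
def encode_oid(arcs):
    """DER-encode an OID given as a list of integer arcs (tag 0x06)."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid first two arcs")
    body = bytearray()
    # X.690: the first two arcs share one subidentifier, 40*a + b.
    for sub in [40 * arcs[0] + arcs[1], *arcs[2:]]:
        chunk = [sub & 0x7F]                 # last byte: high bit clear
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))  # earlier bytes: high bit set
            sub >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length not handled here")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(der):
    """Decode a short-form DER OBJECT IDENTIFIER into a list of arcs."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 127 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated subidentifier")
    subs, value = [], 0
    for byte in body:
        if value == 0 and byte == 0x80:
            raise ValueError("non-minimal subidentifier")  # DER forbids padding
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)
    return [first, subs[0] - 40 * first, *subs[1:]]


def asn1_notation(arcs):
    """ASN.1 value notation: space-separated arcs inside braces."""
    return "{ " + " ".join(str(a) for a in arcs) + " }"


# Hex values as quoted in the reply: the example cert vs. the draft text.
CERT_SIG_OID = bytes.fromhex("06042B656401")
TEXT_SIG_OID = bytes.fromhex("06032B6565")

if __name__ == "__main__":
    for label, der in (("cert", CERT_SIG_OID), ("text", TEXT_SIG_OID)):
        print(label, der.hex(), asn1_notation(decode_oid(der)))
```
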