Re: [websec] HPKP & different encodings of the same public key

Jeffrey Walton <noloader@gmail.com> Sun, 15 May 2016 17:42 UTC

On Sun, May 15, 2016 at 1:31 PM, Jesse Wilson <jesse@swank.ca> wrote:
> I definitely like the idea of a canonical form. That makes everything easy!
> But which format is the canonical one?

It depends. One way to do it is to expand to domain parameters. All
named curves can be expanded to their constituent domain parameters.
Another way to do it is by comparing public points after you determine
the named curve or domain parameters are equivalent.

What you can't do is take domain parameters, and map _all_ of them
back to named curves. Custom curves likely won't have an OID
associated with them. Additionally, not all named curves are
recognized by all libraries. For example, the old 1998 X9.62 curves
are mostly no longer supported; and the WTLS curves are usually not
supported because of weaker parameters even though they have well
known names.

For completeness, the public point is the coordinate Q=(x,y), and it's
created by raising the base point G to the private exponent x (i.e.,
Q=G^x). But for the Q=G^x machinery to work, the domain parameters
need to be the same for both parties.

Jeff
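
The comparison described in this message, as an added example that is not part of the original email: the same P-256 public point is encoded once with a named-curve OID and once with explicit domain parameters, giving two different HPKP pins, and the keys are then matched by expanding to domain parameters and comparing points. The helper names are hypothetical, the sample public point is constructed (it is G itself), and the explicit form follows the RFC 3279 ECParameters layout with the optional seed omitted.

```python
import base64, hashlib
# P-256 domain parameters (p, a, b, Gx, Gy, n, h) and the DER body of its OID.
P256 = (0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
        0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC,
        0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
        0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
        0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
        0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551, 1)
NAMED = {"prime256v1": (bytes.fromhex("2A8648CE3D030107"), P256)}
ID_EC_PUBLIC_KEY = bytes.fromhex("2A8648CE3D0201")  # 1.2.840.10045.2.1
PRIME_FIELD = bytes.fromhex("2A8648CE3D0101")       # 1.2.840.10045.1.1

def tlv(tag, body):  # DER tag-length-value, short or long length form
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def der_int(v):  # non-negative DER INTEGER (leading 0x00 when the top bit is set)
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def expand(params):  # named curve -> domain parameters; explicit ones pass through
    return NAMED[params][1] if isinstance(params, str) else tuple(params)

def spki(key):  # SubjectPublicKeyInfo DER; key = (curve name or explicit params, (x, y))
    params, (x, y) = key
    p, a, b, gx, gy, n, h = expand(params)
    fe = lambda v: v.to_bytes((p.bit_length() + 7) // 8, "big")
    if isinstance(params, str):
        ec_params = tlv(0x06, NAMED[params][0])          # namedCurve
    else:                                                # specifiedCurve
        ec_params = tlv(0x30, der_int(1)
                        + tlv(0x30, tlv(0x06, PRIME_FIELD) + der_int(p))
                        + tlv(0x30, tlv(0x04, fe(a)) + tlv(0x04, fe(b)))
                        + tlv(0x04, b"\x04" + fe(gx) + fe(gy)) + der_int(n) + der_int(h))
    alg = tlv(0x30, tlv(0x06, ID_EC_PUBLIC_KEY) + ec_params)
    return tlv(0x30, alg + tlv(0x03, b"\x00\x04" + fe(x) + fe(y)))

def pin(key):  # HPKP-style pin: base64 of SHA-256 over the SPKI DER
    return base64.b64encode(hashlib.sha256(spki(key)).digest()).decode()

def same_key(k1, k2):  # equal only if domain parameters AND public points match
    return expand(k1[0]) == expand(k2[0]) and k1[1] == k2[1]

# Constructed sample: the public point is G itself (private scalar 1).
POINT = (P256[3], P256[4])
named, explicit = ("prime256v1", POINT), (P256, POINT)
custom = (P256[:2] + (P256[2] + 1,) + P256[3:], POINT)   # different b: another curve
print(pin(named), pin(explicit), same_key(named, explicit), same_key(named, custom))
```

A curve name missing from `NAMED` raises `KeyError` in `expand`, which mirrors the case of a library that does not recognize a named curve.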