Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition

Sean Turner <turners@ieca.com> Fri, 05 August 2011 18:13 UTC

Message-ID: <4E3C32C3.4090004@ieca.com>
Date: Fri, 05 Aug 2011 14:13:23 -0400
From: Sean Turner <turners@ieca.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
References: <b9332337-4efa-4355-93a9-7866a5506bb5@default> <CA60EB18.D5CF%joe.hildebrand@webex.com> <CABcZeBPWj8GC4nK7qZ_uypk+4uAPtGYhQu3rAdz+xr9AuP13rg@mail.gmail.com> <CAMm+LwiCzCKYA4JJ-iQVftrxLWYgeW+ahd6wVbnfhr2v4aB71w@mail.gmail.com>
In-Reply-To: <CAMm+LwiCzCKYA4JJ-iQVftrxLWYgeW+ahd6wVbnfhr2v4aB71w@mail.gmail.com>
Cc: "woes@ietf.org" <woes@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>

On 8/5/11 12:27 PM, Phillip Hallam-Baker wrote:
> Question: What exactly is a 'raw key' in any case?

I believe the people that want this are trying to avoid X.509.  I'd bet 
$1 it won't end up just being the 'raw key'; there are going to be 
parameters, etc.  If you look at what Mike's proposing in 
http://datatracker.ietf.org/doc/draft-jones-json-web-key/, which I 
believe is one draft on offer as input, it already includes more than 
just the key - as it should.

> Anything that the group does is going to require some commitment to a
> specific serialization of the key information. A public key is an
> abstract data structure and you can't put an abstract structure on the
> wire. There has to be some mapping from the abstract structure to the bits.
>
>
> Eric and I are not trying to be difficult here. OK, I can't speak
> for Eric, maybe he is. But we have both tried to do what is being
> presented as the 'easy' case and it wasn't.
>
> Raw key can simplify things if offered as an option. If it is the only
> option, it is going to make things harder, not easier, in my view.

I have never assumed that the charter item for a 'raw key' implied that 
it was *the* way to convey the public key in the resulting 
JSON-structures for signatures/encryption.  I have always assumed there 
would be some faction that would want an option to refer to|point 
to|include a certificate.

We can fight about what the required mechanism is when we actually write 
the spec.  I've gotten the impression that, regardless of the choice that 
wins, a 'bare key' JSON format is needed - hence the charter item.

spt

> On Fri, Aug 5, 2011 at 10:07 AM, Eric Rescorla <ekr@rtfm.com
> <mailto:ekr@rtfm.com>> wrote:
>
>     On Thu, Aug 4, 2011 at 9:34 PM, Joe Hildebrand
>     <joe.hildebrand@webex.com <mailto:joe.hildebrand@webex.com>> wrote:
>      > On 8/4/11 4:48 PM, "Hal Lockhart" <hal.lockhart@oracle.com
>      > <mailto:hal.lockhart@oracle.com>> wrote:
>      >
>      >>> 3) A Standards Track document specifying how to encode public
>      >>> keys as JSON-structured objects.
>      >>>
>      >>
>      >> I would like to push back on the idea of only supporting naked
>      >> public keys. It is my understanding that common crypto libraries,
>      >> e.g. OpenSSL, expect public keys to be in certificates and the
>      >> coding to get them to accept a naked key as input is ugly. I don't
>      >> think they care if the cert is self signed or even signed at all,
>      >> it's just a format issue.
>      >
>      > Just doing the math yourself, from scratch, is pretty easy if you
>      > have the bare key.  It's nigh-on trivial if you have a bigint
>      > library.  Solution: don't use OpenSSL.  I propose we don't get
>      > bogged down in the certificate problem for the moment.
>
>     Cryptographer's warning: do not do this. Hard hat area ahead.
>
>     -Ekr
>     _______________________________________________
>     woes mailing list
>     woes@ietf.org <mailto:woes@ietf.org>
>     https://www.ietf.org/mailman/listinfo/woes
>
>
>
>
> --
> Website: http://hallambaker.com/
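Two points in the thread above are concrete enough to show in code: Phillip's observation that a public key is an abstract structure until some mapping to bits is fixed, and Sean's that a 'bare key' JSON object carries more than the key itself. The following is an added example written for this archive page, not code from the thread, from draft-jones-json-web-key, or from any of the participants. It encodes and decodes an RSA public key (n, e) in the JSON style that the JWK work later standardized; the field names kty/n/e/kid/use and the unpadded base64url big-endian integer rule are taken from RFC 7517 and RFC 7518, which is an assumption about where the 2011 draft ended up, not a quotation of that draft. The sample modulus is a constructed integer, not a real key. The decoder deliberately does no RSA arithmetic (the point of Ekr's warning): it only produces integers to hand to a real library, and it rejects the two input shapes a sloppy decoder would accept, a non-minimal integer encoding and an object with no key type.

```python
import base64
import json
import string

# Constructed sample RSA public key components. The modulus is an arbitrary
# odd 2048-bit integer, NOT a real key; it only exercises the encoding.
SAMPLE_N = (1 << 2047) | (0xC0FFEE << 1000) | 1
SAMPLE_E = 65537

_B64URL_ALPHABET = frozenset(string.ascii_letters + string.digits + "-_")


def b64url_uint_encode(value: int) -> str:
    """Map an unsigned integer to bits on the wire: minimal big-endian
    octets, base64url, no '=' padding (the Base64urlUInt rule of RFC 7518).
    Zero becomes a single zero octet, i.e. "AA"."""
    if value < 0:
        raise ValueError("key integers are unsigned")
    length = max(1, (value.bit_length() + 7) // 8)
    raw = value.to_bytes(length, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_uint_decode(text: str) -> int:
    """Inverse mapping. Rejects padding, characters outside the base64url
    alphabet and non-minimal encodings (leading zero octets), so each
    integer has exactly one accepted spelling on the wire."""
    if not text or set(text) - _B64URL_ALPHABET:
        raise ValueError("not unpadded base64url")
    # binascii.Error raised here for impossible lengths is a ValueError.
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    if len(raw) > 1 and raw[0] == 0:
        raise ValueError("non-minimal integer encoding")
    return int.from_bytes(raw, "big")


def rsa_public_key_to_json(n: int, e: int, kid: str, use: str = "sig") -> str:
    """Serialise the abstract key (n, e) together with the metadata a
    consumer needs to use it: key type, key id and intended use.
    Field names follow RFC 7517 (kty, n, e, kid, use)."""
    key = {
        "kty": "RSA",
        "kid": kid,
        "use": use,
        "n": b64url_uint_encode(n),
        "e": b64url_uint_encode(e),
    }
    return json.dumps(key, sort_keys=True, separators=(",", ":"))


def rsa_public_key_from_json(text: str) -> dict:
    """Parse and sanity-check a JSON public key. Returns the integers for
    a real RSA implementation to consume; no RSA arithmetic is done here.
    A bare {"n": ..., "e": ...} with no key type is rejected on purpose."""
    obj = json.loads(text)
    if not isinstance(obj, dict) or obj.get("kty") != "RSA":
        raise ValueError("missing or unsupported key type")
    missing = [f for f in ("n", "e") if not isinstance(obj.get(f), str)]
    if missing:
        raise ValueError("missing RSA parameters: " + ", ".join(missing))
    n = b64url_uint_decode(obj["n"])
    e = b64url_uint_decode(obj["e"])
    if n < 3 or n % 2 == 0:
        raise ValueError("RSA modulus must be an odd integer greater than 2")
    if e < 3 or e % 2 == 0 or e >= n:
        raise ValueError("RSA public exponent out of range")
    return {"n": n, "e": e, "kid": obj.get("kid"), "use": obj.get("use")}


if __name__ == "__main__":
    wire = rsa_public_key_to_json(SAMPLE_N, SAMPLE_E, "constructed-key-1")
    print(wire[:80] + "...")
    parsed = rsa_public_key_from_json(wire)
    print(parsed["kid"], parsed["e"], parsed["n"] == SAMPLE_N)
```

The round trip is the whole "mapping from the abstract structure to the bits" that the thread says the group must commit to; note that even this minimal object needs kty before a consumer can tell what the integers are, which is Sean's "more than just the key".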