Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition

Phillip Hallam-Baker <hallam@gmail.com> Fri, 05 August 2011 16:27 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFD9F21F8C13 for <woes@ietfa.amsl.com>; Fri, 5 Aug 2011 09:27:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.476
X-Spam-Level:
X-Spam-Status: No, score=-3.476 tagged_above=-999 required=5 tests=[AWL=0.122, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uJdhQBztLyR5 for <woes@ietfa.amsl.com>; Fri, 5 Aug 2011 09:27:20 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id EF59B21F8C11 for <woes@ietf.org>; Fri, 5 Aug 2011 09:27:19 -0700 (PDT)
Received: by ywm21 with SMTP id 21so2047077ywm.31 for <woes@ietf.org>; Fri, 05 Aug 2011 09:27:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=vUu+XvoHVj6SbFOTLsM0bvMI6cOWwEhNgThfbU1mRkQ=; b=Bw0yfXZ5y7APFBJAoPkxvsMEqPFXTrigu4JzLIQx0Sl0OqpYPAc5tsdKpmbN9mFAoE GqnUKC3I55cNswNVJdS2rNspRXq+dCjT+WoXKwlhCtj9OwwFsy8D4dwu/MYG7kuuUIue dD5paMjXo/eDMUYOTt3UQ6GobpXYFB59OUsdU=
MIME-Version: 1.0
Received: by 10.101.189.1 with SMTP id r1mr2136890anp.6.1312561656364; Fri, 05 Aug 2011 09:27:36 -0700 (PDT)
Received: by 10.100.34.3 with HTTP; Fri, 5 Aug 2011 09:27:36 -0700 (PDT)
In-Reply-To: <CABcZeBPWj8GC4nK7qZ_uypk+4uAPtGYhQu3rAdz+xr9AuP13rg@mail.gmail.com>
References: <b9332337-4efa-4355-93a9-7866a5506bb5@default> <CA60EB18.D5CF%joe.hildebrand@webex.com> <CABcZeBPWj8GC4nK7qZ_uypk+4uAPtGYhQu3rAdz+xr9AuP13rg@mail.gmail.com>
Date: Fri, 5 Aug 2011 12:27:36 -0400
Message-ID: <CAMm+LwiCzCKYA4JJ-iQVftrxLWYgeW+ahd6wVbnfhr2v4aB71w@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary=001636c5bbf345ff4e04a9c49346
Cc: "woes@ietf.org" <woes@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2011 16:27:21 -0000

Question: What exactly is a 'raw key' in any case?

Anything that the group does is going to require some commitment to a
specific serialization of the key information. A public key is an abstract
data structure and you can't put an abstract structure on the wire. There
has to be some mapping from the abstract structure to the bits.


Eric and myself are not trying to be difficult here. OK, I can't speak for
Eric, maybe he is. But we have both tried to do what is being presented as
the 'easy' case and it wasn't.

Raw key can simplify things if offered as an option. If it is the only
option it is going to make things harder, not easier in my view.



On Fri, Aug 5, 2011 at 10:07 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> On Thu, Aug 4, 2011 at 9:34 PM, Joe Hildebrand <joe.hildebrand@webex.com>
> wrote:
> > On 8/4/11 4:48 PM, "Hal Lockhart" <hal.lockhart@oracle.com> wrote:
> >
> >>> 3) A Standards Track document specifying how to encode public
> >>> keys as JSON-structured objects.
> >>>
> >>
> >> I would like to push back on the idea of only supporting naked public
> keys. It
> >> is my understanding that common cryto libraries, e.g. OpenSSL, expect
> public
> >> keys to be in certificates and the coding to get them to accept a naked
> key as
> >> input is ugly. I don't think they care if the cert is self signed or
> even
> >> signed at all, its just a format issue.
> >
> > Just doing the math yourself, from scratch, is pretty easy if you have
> the
> > bare key.  It's nigh-on trivial if you have a bigint library.  Solution:
> > don't use OpenSSL.  I propose we don't get bogged down in the certificate
> > problem for the moment.
>
> Cryptographer's warning: do not do this. Hard hat area ahead.
>
> -Ekr
> _______________________________________________
> woes mailing list
> woes@ietf.org
> https://www.ietf.org/mailman/listinfo/woes
>



-- 
Website: http://hallambaker.com/