Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition

Leif Johansson <leifj@mnt.se> Sat, 06 August 2011 11:42 UTC

Return-Path: <leifj@mnt.se>
X-Original-To: woes@ietfa.amsl.com
Delivered-To: woes@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A39C21F8770 for <woes@ietfa.amsl.com>; Sat, 6 Aug 2011 04:42:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iUFOh3W03tay for <woes@ietfa.amsl.com>; Sat, 6 Aug 2011 04:42:58 -0700 (PDT)
Received: from backup-server.nordu.net (backup-server.nordu.net [IPv6:2001:948:4:1::66]) by ietfa.amsl.com (Postfix) with ESMTP id 7ABAE21F8764 for <woes@ietf.org>; Sat, 6 Aug 2011 04:42:57 -0700 (PDT)
Received: from [10.0.0.11] (ua-83-227-179-169.cust.bredbandsbolaget.se [83.227.179.169]) (authenticated bits=0) by backup-server.nordu.net (8.14.3/8.14.3) with ESMTP id p76BhCN7023018 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 6 Aug 2011 13:43:16 +0200 (CEST)
Message-ID: <4E3D28D0.4090108@mnt.se>
Date: Sat, 06 Aug 2011 13:43:12 +0200
From: Leif Johansson <leifj@mnt.se>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.18) Gecko/20110617 Lightning/1.0b2 Thunderbird/3.1.11
MIME-Version: 1.0
To: Eric Rescorla <ekr@rtfm.com>
References: <b9332337-4efa-4355-93a9-7866a5506bb5@default> <CA60EB18.D5CF%joe.hildebrand@webex.com> <CABcZeBPWj8GC4nK7qZ_uypk+4uAPtGYhQu3rAdz+xr9AuP13rg@mail.gmail.com> <4E3C0158.1090109@mnt.se> <CABcZeBOrUgX7+5aMohzO6Uq_8iHkbW0H-pHo96xTeFB3Wq+SAg@mail.gmail.com>
In-Reply-To: <CABcZeBOrUgX7+5aMohzO6Uq_8iHkbW0H-pHo96xTeFB3Wq+SAg@mail.gmail.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: woes@ietf.org
Subject: Re: [woes] Naked Public Key, was: RE: Proposed charter, post-Quebec edition
X-BeenThere: woes@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/woes>, <mailto:woes-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/woes>
List-Post: <mailto:woes@ietf.org>
List-Help: <mailto:woes-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/woes>, <mailto:woes-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Aug 2011 11:42:58 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/05/2011 06:43 PM, Eric Rescorla wrote:
> On Fri, Aug 5, 2011 at 7:42 AM, Leif Johansson <leifj@mnt.se> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>>> Just doing the math yourself, from scratch, is pretty easy if you have the
>>>> bare key.  It's nigh-on trivial if you have a bigint library.  Solution:
>>>> don't use OpenSSL.  I propose we don't get bogged down in the certificate
>>>> problem for the moment.
>>>
>>> Cryptographer's warning: do not do this. Hard hat area ahead.
>>>
>>
>> That is advice for implementors and not for spec writers, right?
> 
> Correct. Getting the implementation right is tricky.

So in that case I still support having the spec explain (very carefully)
how you do "raw keys" - i.e keys with no intrinsic semantics - and then
also adding the cryptographers caveat to that.

	Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk49KNAACgkQ8Jx8FtbMZnegGwCePWbm6onumygWk92zBNI2Kbhf
ecMAn16qCkD9uC+YpiyxpMKOT7oI0+4m
=ICmK
-----END PGP SIGNATURE-----