Two nits:
0) s3 contains the following:

   This SubjectPublicKeyInfo structure MUST be encoded in DER encoding
   [X.660] of Abstract Syntax Notation One (ASN.1) [X.208].

r/X.660/X.690 or just:

   This SubjectPublicKeyInfo structure MUST be encoded in DER encoding
   of Abstract Syntax Notation One (ASN.1) [X.690].

Personally, I think that not referring to X.680/208 is fine because
that’s what RFC 6898 did, but for completeness I could see using X.680 instead
of X.208:

   This SubjectPublicKeyInfo structure MUST be encoded in DER encoding
   [X.690] of Abstract Syntax Notation One (ASN.1) [X.680].

If you decide to go with the X.680 reference (from PKIX):

   [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002,
           Information technology - Abstract Syntax Notation One
           (ASN.1): Specification of basic notation.

1) s3: r/(from RFC 6699 section 2.1.1)/(from RFC 6698 section 2.1.1)
spt
On Jun 21, 2014, at 00:25, John Gilmore <[email protected]> wrote:
> In an effort to nudge along the process of standardizing the use of
> DANE with TLS's use of raw public keys, I have written a short
> Internet-Draft that defines how these keys can be authenticated by using
> TLSA records.
>
> Name: draft-gilmore-dane-rawkeys
> Revision: 00
> Title: Authenticating Raw Public Keys with DANE TLSA
> Document date: 2014-06-20
> Group: Individual Submission
> Pages: 7
> URL:
> http://www.ietf.org/internet-drafts/draft-gilmore-dane-rawkeys-00.txt
> Status: https://datatracker.ietf.org/doc/draft-gilmore-dane-rawkeys/
> Htmlized: http://tools.ietf.org/html/draft-gilmore-dane-rawkeys-00
> Abstract:
> This document standardizes how the Domain Name System can
> authenticate Raw Public Keys. Transport Level Security now has the
> option to use Raw Public Keys, but they require some form of external
> authentication. The document updates RFC 6698 to allow the Domain
> Name System to standardize the authentication of more types of keying
> material.
>
> The TLS extension for raw public keys, which inspired this work, is
> currently very late in the IETF publication process, but not quite
> published, here:
>
> "Using Raw Public Keys in Transport Layer Security (TLS)
> and Datagram Transport Layer Security (DTLS)"
> https://www.rfc-editor.org/authors/rfc7250.txt
>
> John
>
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane