Re: [Unbearable] ecdsap256 questions
Brian Campbell <bcampbell@pingidentity.com> Thu, 26 May 2016 21:18 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61C5A12DB42 for <unbearable@ietfa.amsl.com>; Thu, 26 May 2016 14:18:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FeoW7428cscW for <unbearable@ietfa.amsl.com>; Thu, 26 May 2016 14:18:39 -0700 (PDT)
Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com [IPv6:2607:f8b0:4001:c0b::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1833712DB27 for <unbearable@ietf.org>; Thu, 26 May 2016 14:17:47 -0700 (PDT)
Received: by mail-it0-x22b.google.com with SMTP id z123so53559314itg.0 for <unbearable@ietf.org>; Thu, 26 May 2016 14:17:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=gmail; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Ay2WcJU1HdWClC+rfaC69YYYMYJnniK0g/eygWczbLw=; b=k9uVyP62/EeyHvnJcCgyOvNaus4HR3JV6Q40gTh9HO/JPOZfuJsecFyoY+LOOYplvu x4Jgh3QWUFtONkXu0tGpO9MqCJpfLKTPvRYzbyjumo7FGY1kjbekqg633L2Lb3Y6s5N/ fl6UucM54E41XdRZU3xtQUlFgbaOnbOithYi4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Ay2WcJU1HdWClC+rfaC69YYYMYJnniK0g/eygWczbLw=; b=NsJoMDW+8CBNn4Qt6+a+IEQ3/YVFmw9wa28WuqyTswv9e1HawphB9JJ/Y34KKZVA+b MFU5p2oMUuPi2yjipTtVuNeq0AlE44+FNe4M9OapU+kX2In/krG32tasgxAisXTL9IZT qFeRv2OXXeER6MrorX0KCUANvj724yQNXXDfp8r95IyWJxb04KB7NTuY5aNGMHfVwo5+ s5IeGpPbryxDmOCnEeVZjU3x90ejrxc054pPZQJ3uWSBNSMYMpiovnUz4GunF9eYkDPU M4LhpxWoKK75QbUiHShJMhjBI9A1MjgPF5sJ2kBd+pt3tSaK9D/RlAXWttTih4d9neto EgPg==
X-Gm-Message-State: ALyK8tIAYrtTkMFtP786DBqO0Waz4NY8gaUaDXvACEfl3lBtFlp43afLAvBS3VYkv14Mo+8/JIcXQntf5pWWdnEt
X-Received: by 10.36.123.77 with SMTP id q74mr5129682itc.42.1464297466368; Thu, 26 May 2016 14:17:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.105.129 with HTTP; Thu, 26 May 2016 14:17:16 -0700 (PDT)
In-Reply-To: <BN3PR03MB144535196D435593043A07338C4F0@BN3PR03MB1445.namprd03.prod.outlook.com>
References: <CA+k3eCSMjGsxmdSpth9WBRWFXfm5BiPA6DD-LrBYxQ64VFrgsQ@mail.gmail.com> <BN3PR03MB144572B382F3081A2FF8776E8C4B0@BN3PR03MB1445.namprd03.prod.outlook.com> <CACdeXiLtPRgxWdZPsC_h+X_DZHWEe=+Rw_fAF-boaQFcZMHvJA@mail.gmail.com> <CABkgnnWFL64p5dSC4UH8B61=MxcxRKwOvxBC1gxaJOZPv+43ew@mail.gmail.com> <BN3PR03MB1445926369F6ED1D308DAA498C4E0@BN3PR03MB1445.namprd03.prod.outlook.com> <CACdeXiJ+rrhsajD9KWKQw_FWR9=3egRBjCaugY2xBD9thPjneA@mail.gmail.com> <CAH9QtQHm8D7cdP2ZMdnms4tX5v4CGOx3Ny7f7wYjZHLqM8ZhSQ@mail.gmail.com> <BN3PR03MB144535196D435593043A07338C4F0@BN3PR03MB1445.namprd03.prod.outlook.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Thu, 26 May 2016 15:17:16 -0600
Message-ID: <CA+k3eCRsZa8ugkAshZygnd-9D2CBYEKGS+6WUYoQN_hOw4MRFQ@mail.gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Content-Type: multipart/alternative; boundary="001a11475b225434270533c5522b"
Archived-At: <http://mailarchive.ietf.org/arch/msg/unbearable/ER_hTvdO5CbmBIO_uWSE6WOyYvw>
Cc: IETF Tokbind WG <unbearable@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, Nick Harper <nharper@google.com>, Bill Cox <waywardgeek@google.com>
Subject: Re: [Unbearable] ecdsap256 questions
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 May 2016 21:18:41 -0000
Might there be some value in providing some examples in -tokbind-protocol and/or -tokbind-https that could help serve to validate reader's interpretation of the text? As an implementer of JWS & JWE, for instance, I found the examples in the documents to be exceptionally valuable in aiding my understanding and helping to vet the implementation. I think some example TokenBindingMessages in the TB doc(s) could be similarly valuable. On Mon, May 23, 2016 at 6:30 PM, Andrei Popov <Andrei.Popov@microsoft.com> wrote: > struct { > > opaque modulus<1..2^16-1>; > > opaque publicexponent<1..2^8-1>; > > } RSAPublicKey; > > > > In “TLS Presentation Language”, this means 2 bytes of length prefix for > modulus and 1 byte of length prefix for exponent. > > > > Cheers, > > > > Andrei > > > > *From:* Bill Cox [mailto:waywardgeek@google.com] > *Sent:* Monday, May 23, 2016 5:19 PM > *To:* Nick Harper <nharper@google.com> > *Cc:* Andrei Popov <Andrei.Popov@microsoft.com>; IETF Tokbind WG < > unbearable@ietf.org>; Brian Campbell <bcampbell@pingidentity.com>; Martin > Thomson <martin.thomson@gmail.com> > *Subject:* Re: [Unbearable] ecdsap256 questions > > > > On Mon, May 23, 2016 at 4:16 PM, Nick Harper <nharper@google.com> wrote: > > I agree with you and Martin that we don't need more ASN.1 + DER, and the > format in draft 06 makes sense for something modern. > > > > Just one question: how are the RSA exponent and modulus length-prefixed? > Are they uint16-length-prefixed? > > > > Bill >
- [Unbearable] ecdsap256 questions Brian Campbell
- Re: [Unbearable] ecdsap256 questions Andrei Popov
- Re: [Unbearable] ecdsap256 questions Nick Harper
- Re: [Unbearable] ecdsap256 questions Martin Thomson
- Re: [Unbearable] ecdsap256 questions Andrei Popov
- Re: [Unbearable] ecdsap256 questions Nick Harper
- Re: [Unbearable] ecdsap256 questions Bill Cox
- Re: [Unbearable] ecdsap256 questions Andrei Popov
- Re: [Unbearable] ecdsap256 questions Brian Campbell
- Re: [Unbearable] ecdsap256 questions Andrei Popov
- Re: [Unbearable] ecdsap256 questions Brian Campbell