From 27f6cd1bc6f422489563a8ed2e3f71221b7b3fac Mon Sep 17 00:00:00 2001 From: Sean Turner Date: Wed, 12 Jan 2022 01:10:57 -0500 Subject: [PATCH] Initial version -00 version --- draft-mtis-lamps-8410-ku-clarifications.md | 171 +++++++++++++++++++++ draft-todo-yourname-protocol.md | 86 ----------- 2 files changed, 171 insertions(+), 86 deletions(-) create mode 100644 draft-mtis-lamps-8410-ku-clarifications.md delete mode 100644 draft-todo-yourname-protocol.md diff --git a/draft-mtis-lamps-8410-ku-clarifications.md b/draft-mtis-lamps-8410-ku-clarifications.md new file mode 100644 index 0000000..3ccf5be --- /dev/null +++ b/draft-mtis-lamps-8410-ku-clarifications.md @@ -0,0 +1,171 @@ +--- +title: Clarifications for Ed25519, Ed448, X25519, and X448 Algorithm Identifiers +abbrev: curve25519, curve448 ECC Clarifications +category: std +updates: 8410 + +docname: draft-mtis-lamps-8410-ku-clarifications-latest +ipr: trust200902 +keyword: Internet-Draft +area: Security +workgroup: +venue: + github: seanturner/draft-mtis-lamps-8410-ku-clarifications + +stand_alone: yes +smart_quotes: no +pi: [toc, sortrefs, symrefs, docmapping] + +author: + - + ins: S. Turner + name: Sean Turner + organization: sn3rd + email: sean@sn3rd.com + - + ins: S. Josefsson + name: Simon Josefsson + organization: SJD AB + email: simon@josefsson.org + - + ins: D. McCarney + name: Daniel McCarney + organization: Square Inc. + email: daniel@binaryparadox.net + - + ins: T. Ito + name: Tadahiko Ito + organization: SECOM CO., LTD. + email: tadahiko.ito.public@gmail.com + +normative: + +informative: + ERRATA: + title: Errata 5696 + author: + - + ins: L. Liao + name: Lijun Liao + date: 2019-04-17 + target: https://www.rfc-editor.org/errata/eid5696 + +--- abstract + +This document updates RFC 8410 to clarify existing and specify +missing semantics for key usage bits when used in certificates +that support the Ed25519, Ed448, X25519, and X448 Elliptic Curve +Cryptography algorithms. + +--- middle + +# Introduction + +{{!RFC8410}} specifies the syntax and semantics for the Subject Public +Key Information field in certificates that support Ed25519, Ed448, +X25519, and X448 Elliptic Curve Cryptography (ECC) algorithms. As part +of these semantics, it defines what combinations are permissible for the +values of the key usage extension {{!RFC5280}}. {{RFC8410}} did not +define what values are not permissible nor did it refer to +keyEncipherment or dataEncipherment. {{ERRATA}} has also been submitted +to clarify that keyCertSign is always set in certification authority +certificates. To address these changes, this document replaces Section 5 +of {{RFC8410}} with {{replace}}. + +# Terminology + +{::boilerplate bcp14-tagged} + +# New Section 5 for RFC 8410 {#replace} + +The intended application for the key is indicated in the keyUsage +certificate extension. + +If the keyUsage extension is present in a certificate that indicates +id-X25519 or id-X448 in SubjectPublicKeyInfo, then the following MUST +be present: + +~~~ + keyAgreement; +~~~ + +one of the following MAY also be present: + +~~~ + encipherOnly; or + decipherOnly; +~~~ + +and the following MUST NOT be present: + +~~~ + digitalSignature; + nonRepudiation; + keyEncipherment; + dataEncipherment; + keyCertSign; and + cRLSign. +~~~ + +If the keyUsage extension is present in an end-entity certificate +that indicates id-Ed25519 or id-Ed448 in SubjectPublicKeyInfo, then +the keyUsage extension MUST contain one or both of the following: + +~~~ + nonRepudiation; and + digitalSignature; +~~~ + +the following MAY also be present: + +~~~ + cRLSign; +~~~ + +~~~ +and the following MUST NOT be present: + + keyEncipherment; + dataEncipherment; + keyAgreement; + keyCertSign; + encipherOnly; and + decipherOnly. +~~~ + +If the keyUsage extension is present in a certification authority +certificate that indicates id-Ed25519 or id-Ed448 in +SubjectPublicKeyInfo, then the keyUsage extension MUST contain +keyCertSign, and zero, or more of the following: + +~~~ + nonRepudiation; + digitalSignature; and + cRLSign; +~~~ + +and the following MUST NOT be present: + +~~~ + keyEncipherment; + dataEncipherment; + keyAgreement; + encipherOnly; and + decipherOnly. +~~~ + +# Security Considerations + +This document introduces no new security considerations beyond those +found in {{RFC8410}}. + +# IANA Considerations + +This document has no IANA actions. + +--- back + +# Acknowledgments +{:numbered="false"} + +TODO acknowledge. diff --git a/draft-todo-yourname-protocol.md b/draft-todo-yourname-protocol.md deleted file mode 100644 index f2469df..0000000 --- a/draft-todo-yourname-protocol.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -### -# Internet-Draft Markdown Template -# -# Rename this file from draft-todo-yourname-protocol.md to get started. -# Draft name format is "draft---.md". -# -# For initial setup, you only need to edit the first block of fields. -# Only "title" needs to be changed; delete "abbrev" if your title is short. -# Any other content can be edited, but be careful not to introduce errors. -# Some fields will be set automatically during setup if they are unchanged. -# -# Don't include "-00" or "-latest" in the filename. -# Labels in the form draft----latest are used by -# the tools to refer to the current version; see "docname" for example. -# -# This template uses kramdown-rfc2629: https://github.com/cabo/kramdown-rfc2629 -# You can replace the entire file if you prefer a different format. -# Change the file extension to match the format (.xml for XML, etc...) -# -### -title: "TODO - Your title" -abbrev: "TODO - Abbreviation" -category: info - -docname: draft-todo-yourname-protocol-latest -ipr: trust200902 -area: AREA -workgroup: WG Working Group -keyword: Internet-Draft -venue: - group: WG - type: Working Group - mail: WG@example.com - arch: https://example.com/WG - github: USER/REPO - latest: https://example.com/LATEST - -stand_alone: yes -smart_quotes: no -pi: [toc, sortrefs, symrefs] - -author: - - - name: Your Name Here - organization: Your Organization Here - email: your.email@example.com - -normative: - -informative: - - ---- abstract - -TODO Abstract - - ---- middle - -# Introduction - -TODO Introduction - - -# Conventions and Definitions - -{::boilerplate bcp14-tagged} - - -# Security Considerations - -TODO Security - - -# IANA Considerations - -This document has no IANA actions. - - ---- back - -# Acknowledgments -{:numbered="false"} - -TODO acknowledge.