The following errata report has been rejected for RFC7427, "Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)".
-------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata_search.php?rfc=7427&eid=4296 -------------------------------------- Status: Rejected Type: Editorial Reported by: Annie Yousar <[email protected]> Date Reported: 2015-03-10 Rejected by: Kathleen Moriarty (IESG) Section: A.4.3 Original Text ------------- Here the parameters are present and contain hashAlgorithm of SHA-256, | maskGenAlgorithm of SHA-256, saltLength of 32, and trailerField of 1. 0000 : SEQUENCE 0002 : OBJECT IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1.10) 000d : SEQUENCE 000f : CONTEXT 0 0011 : SEQUENCE 0013 : OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1) 001e : NULL 0020 : CONTEXT 1 0022 : SEQUENCE | 0024 : OBJECT IDENTIFIER 1.2.840.113549.1.1.8 002f : SEQUENCE 0031 : OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1) 003c : NULL 003e : CONTEXT 2 0040 : INTEGER 0x20 (6 bits) | 0043 : CONTEXT 3 | 0045 : INTEGER 0x1 (1 bits) Name = RSASSA-PSS with sha-256, oid = 1.2.840.113549.1.1.10 | Length = 72 0000: 3046 0609 2a86 4886 f70d 0101 0a30 39a0 0010: 0f30 0d06 0960 8648 0165 0304 0201 0500 0020: a11c 301a 0609 2a86 4886 f70d 0101 0830 0030: 0d06 0960 8648 0165 0304 0201 0500 a203 | 0040: 0201 20a3 0302 0101 Corrected Text -------------- Here the parameters are present and contain hashAlgorithm of SHA-256, | maskGenAlgorithm of MGF1 with SHA-256, saltLength of 32, and | trailerField of 1. | Note that since the trailerField has the default value it MUST NOT be | encoded according to the Distiguished Encoding Rules (DER) of ASN.1. 0000 : SEQUENCE 0002 : OBJECT IDENTIFIER RSASSA-PSS (1.2.840.113549.1.1.10) 000d : SEQUENCE 000f : CONTEXT 0 0011 : SEQUENCE 0013 : OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1) 001e : NULL 0020 : CONTEXT 1 0022 : SEQUENCE | 0024 : OBJECT IDENTIFIER id-mgf1 (1.2.840.113549.1.1.8) 002f : SEQUENCE 0031 : OBJECT IDENTIFIER id-sha256 (2.16.840.1.101.3.4.2.1) 003c : NULL 003e : CONTEXT 2 0040 : INTEGER 0x20 (6 bits) Name = RSASSA-PSS with sha-256, oid = 1.2.840.113549.1.1.10 | Length = 67 0000: 3046 0609 2a86 4886 f70d 0101 0a30 39a0 0010: 0f30 0d06 0960 8648 0165 0304 0201 0500 0020: a11c 301a 0609 2a86 4886 f70d 0101 0830 0030: 0d06 0960 8648 0165 0304 0201 0500 a203 | 0040: 0201 20 Notes ----- 1. The maskGenAlgorithm is in fact not SHA-256 (2.16.840.1.101.3.4.2.1), but MGF1 (1.2.840.113549.1.1.8) based on SHA-256 (2.16.840.1.101.3.4.2.1). 2. Section 3 requires the use of DER: The ASN.1 used here is the same ASN.1 used in the AlgorithmIdentifier of PKIX (see Section 4.1.1.2 of [RFC5280]), encoded using distinguished encoding rules (DER) [CCITT.X690.2002]. --VERIFIER NOTES-- Per Tero Kivinen: The id-mgf1 oid is there in the example, the tool I used didn't know the name for it thus it just printed out the oid. As this does not affect the binary object at all there is no problem in here. > 2. Section 3 requires the use of DER: > The ASN.1 used here is the same ASN.1 used in the > AlgorithmIdentifier of PKIX (see Section 4.1.1.2 of [RFC5280]), > encoded using distinguished encoding rules (DER) [CCITT.X690.2002]. Yes, but RFC4055 says that: trailerField The trailerField field is an integer. It provides compatibility with IEEE Std 1363a-2004 [P1363A]. The value MUST be 1, which represents the trailer field with hexadecimal value 0xBC. Other trailer fields, including the trailer field composed of HashID concatenated with 0xCC that is specified in IEEE Std 1363a, are not supported. Implementations that perform signature generation MUST omit the trailerField field, indicating that the default trailer field value was used. Implementations that perform signature validation MUST recognize both a present trailerField field with value 1 and an absent trailerField field. I.e. you should recognize both formats. Yes, we could have another example also showing the object value to used when generating these and when omitting the default values (like we do have for SHA-1). -------------------------------------- RFC7427 (draft-kivinen-ipsecme-signature-auth-07) -------------------------------------- Title : Signature Authentication in the Internet Key Exchange Version 2 (IKEv2) Publication Date : January 2015 Author(s) : T. Kivinen, J. Snyder Category : PROPOSED STANDARD Source : IP Security Maintenance and Extensions Area : Security Stream : IETF Verifying Party : IESG _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
