rfc5081 update

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Nov 12 22:38:57 CET 2008

On Mon 2008-11-03 14:21:10 -0500, Nikos Mavrogiannopoulos wrote:

> ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-mavrogiannopoulos-rfc5081bis-02.txt

Sorry it's taken me a while to really read this.  I have a few
concerns.  If this is not the proper forum for airing these things,
just point me in the right direction.

 * The draft does not specify what version of OpenPGP certificates
   should be used for this.  Given that RFC 4880 explicitly deprecated
   V3 certificates, i think this draft should at least do the same.
   It would be simpler for implementation if this draft specified that
   compliant implementations MUST support V4 certificates, and MUST
   NOT use V3 certificates.

 * Section 3.1 is phrased as a comparison between client and server:

      struct {
         select(ClientOrServerExtension) {
            case client:
               CertificateType certificate_types<1..2^8-1>;
            case server:
               CertificateType certificate_type;
      } CertificateTypeExtension;

    However, i think this is misleading; when the same struct is used
    during the Client Certificate Request, the server offers some
    number of CertificateType possibilities, and the client responds
    with the CertificateType of its choosing.  If i'm reading this
    right, the naming is actually backwards when the struct is used in
    section 3.5.  Maybe it would be better to refer to these struct
    elements as request/response instead of client/server?

 * It looks like the values for OpenPGPCertDescriptorType are
   overlapped: in particular, 1 is bound to "cert" in 5081, but bound
   to "empty_cert" in 5081bis.  This seems like it could cause
   problems if one party implements 5081 and the other implements

 * There is no IANA registry requested for OpenPGPCertDescriptorType,
   and none is allocated in 5081 either.  Is that OK?  Could this enum
   ever change?  Who will manage addition of new values there are
   changes needed?

 * I'm concerned that the useful values for OpenPGPCertDescriptorType
   (subkey_cert and subkey_cert_fingerprint) all refer to subkeys.
   It's certainly possible to set the Authentication (0x20) Usage flag
   [0] on the primary key, or to have a primary key with no subkeys.
   While i think the obvious answer is that the keyid can refer to
   *either* the primary key or the subkey (but to a specific key, not
   to the entire aggregated certificate), it seems a little odd to
   explicitly call it the subkey id.

 * Why are OpenPGPKeyID elements written foo<1..8>.  Shouldn't we be
   requiring the full 8 bytes of keyid?  The syntax seems to imply to
   me that i could offer a 1-byte KeyID and still be compliant.

 * Why does OpenPGPSubKeyFingerprint contain both OpenPGPKeyID and
   OpenPGPCertFingerprint?  For V4 keys, the KeyID is just the
   low-order 64 bits of the fingerprint [1].  If we only allow
   V4-or-later keys in this spec, we could remove that struct element.

Hope these questions and ideas are useful.  Please let me know if i'm
not making sense.  I look forward to your feedback!


[0] http://tools.ietf.org/html/rfc4880#section-
[1] http://tools.ietf.org/html/rfc4880#section-12.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20081112/df8467fa/attachment.pgp>

More information about the Gnutls-devel mailing list