Diffie-Hellman Proof-of-Possession Algorithms
draft-schaad-pkix-rfc2875-bis-08
Yes: Sean Turner
No Objection: Adrian Farrel, Barry Leiba, Benoît Claise, Brian Haberman, Joel Jaeggli, Martin Stiemerling, Pete Resnick, Robert Sparks, Ron Bonica, Stewart Bryant, Wesley Eddy
Note: This ballot was opened for revision 06 and is now closed.
Sean Turner (Former IESG member): Yes (for -06)
Adrian Farrel (Former IESG member): No Objection (for -06)
Barry Leiba (Former IESG member): No Objection (for -06)
Benoît Claise (Former IESG member): No Objection (for -06)
Brian Haberman (Former IESG member): No Objection (for -06)
Joel Jaeggli (Former IESG member): No Objection (for -07)
Martin Stiemerling (Former IESG member): No Objection (for -06)
Pete Resnick (Former IESG member): No Objection (for -06)
Robert Sparks (Former IESG member): No Objection (for -06)
Ron Bonica (Former IESG member): No Objection (for -06)
Russ Housley (Former IESG member): No Objection (was Discuss) (2013-02-04 for -06)
I think that the Introduction needs to be expanded. First, the phrase "producing a POP" does not make it clear that the proof is that the party has possession of the private key that corresponds to the public key in the certificate request. Second, in some cases, a DH key can be used to make a DSA signature, and an ECDH key can be used to make an ECDSA signature. Such an operation would provide the POP. Such an operation may not be possible if the key is stored in a hardware device that ensures a typed key is used only with one algorithm.

The Introduction states:

> Given the current PKIX definitions for the public key parameters of
> elliptic curve, the number of groups is both limited and predefined.
> This means that the probability that the same set of parameters are
> going to be used by the key requester and the key validator are
> significantly higher than they are in the Diffie-Hellman case.

In Static-Static Diffie-Hellman, both parties must employ the exact same parameters. In Ephemeral-Static Diffie-Hellman, the sender must employ the parameters from the certificate of the receiver. Thus, it seems to me that DH is also reduced to a well-known set of parameters.
Stephen Farrell (Former IESG member): No Objection (2013-01-22 for -06)
- Is floor(a,b) not an odd notation? Normally floor has only one input. Is this used elsewhere? Why not just define floor(x) and then use floor(a/b) as usual?
- It appears as if you have gotten OIDs from the PKIX arc already, so the tense in the IANA section is wrong.
- I didn't check the ASN.1 modules, nor the examples. Has anyone?
Stewart Bryant (Former IESG member): No Objection (for -06)
Wesley Eddy (Former IESG member): No Objection (for -06)