Diffie-Hellman Proof-of-Possession Algorithms
draft-schaad-pkix-rfc2875-bis-08
Yes
No Objection
Note: This ballot was opened for revision 06 and is now closed.
(Sean Turner; former steering group member) Yes
(Adrian Farrel; former steering group member) No Objection
(Barry Leiba; former steering group member) No Objection
(Benoît Claise; former steering group member) No Objection
(Brian Haberman; former steering group member) No Objection
(Joel Jaeggli; former steering group member) No Objection
(Martin Stiemerling; former steering group member) No Objection
(Pete Resnick; former steering group member) No Objection
(Robert Sparks; former steering group member) No Objection
(Ron Bonica; former steering group member) No Objection
(Russ Housley; former steering group member) (was Discuss) No Objection
I think that the Introduction needs to be expanded. First, the phrase "producing a POP" does not make it clear that the proof is that the party has possession of the private key that corresponds to the public key in the certificate request. Second, in some cases, a DH key can be used to make a DSA signature, and an ECDH key can be used to make an ECDSA signature. Such an operation would provide the POP. Such an operation may not be possible if the key is stored in a hardware device that ensures a typed key is used only with one algorithm. The Introduction states: > > Given the current PKIX definitions for the public key parameters of > elliptic curve, the number of groups is both limited and predefined. > This means that the probability that the same set of parameters are > going to be used by the key requester and the key validator are > significantly higher than they are in the Diffie-Hellman case. > In Static-Static Diffie-Hellman, both parties must employ the exact same parameters. In Ephemeral-Static Diffie-Hellman, the sender must employ the parameters from the certificate of the receiver. Thus, it seems to me that DH is also reduced to a well-known set of parameters.
(Stephen Farrell; former steering group member) No Objection
- Is floor(a,b) not an odd notation? Normally floor has only one input. Is this used elsewhere? Why not just define floor(x) and then use floor(a/b) as usual? - It appears as if you have gotten OIDs from the PKIX arc already, so the tense in the IANA section is wrong. - I didn't check the ASN.1 modules, nor the examples. Has anyone?
(Stewart Bryant; former steering group member) No Objection
(Wesley Eddy; former steering group member) No Objection