[Search] [pdf|bibtex] [Tracker] [WG] [Email] [Nits]

Versions: 00                                                            
IPSEC Working Group                           Ashar Aziz
INTERNET-DRAFT                                Tom Markson
                                              Hemma Prafullchandra
                                              Sun Microsystems, Inc.

Expires in six months                         December 21, 1995

             X.509 Encoding of Diffie-Hellman Public Values

Status of this Memo

This document is a submission to the IETF Internet Protocol Security
(IPSEC) Working Group. Comments are solicited and should be addressed to
to the working group mailing list (ipsec@ans.net) or to the authors.

This document is an Internet-Draft.  Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working Groups. Note that other groups may also distribute working
documents as Internet Drafts.

Internet-Drafts draft documents are valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

To learn the current status of any Internet-Draft, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
ftp.isi.edu (US West Coast).

Distribution of this memo is unlimited.

draft-ietf-ipsec-skip-X509-00.txt                   [Page 1]

INTERNET-DRAFT           SKIP-X509         December 21, 1995


This document describes the ASN.1 [1] encoding of the CCITT 1988 X.509
[2] certificate with Diffie-Hellman public values for use with SKIP [5].

draft-ietf-ipsec-skip-X509-00.txt                   [Page 2]


    Status of this Memo..................................  1

    Abstract.............................................  2

1.  Encoding of DH public values.........................  3

2.  Encoding of the Distinguished Name (DN)..............  4

3.  Security Considerations..............................  5

    Acknowledgements.....................................  5

    References...........................................  5

    Author's Address(es).................................  6

                           - i -

INTERNET-DRAFT           SKIP-X509         December 21, 1995

1.  Encoding of DH public values

The X.509 certificate format is defined by the following ASN.1 syntax:

Certificate ::= SIGNED SEQUENCE {
                  version [0]           Version DEFAULT v1988,
                  serialNumber          CertificateSerialNumber,
                  signature             AlgorithmIdentifier,
                  issuer                Name,
                  validity              Validity,
                  subject               Name,
                  subjectPublicKeyInfo  SubjectPublicKeyInfo

Version ::= INTEGER { v1988(0) }

CertificateSerialNumber ::= INTEGER

Validity ::= SEQUENCE {
               notBefore UTCTime,
               notAfter UTCTime

SubjectPublicKeyInfo ::= SEQUENCE {
                           algorithm    AlgorithmIdentifier,
                           subjectPublicKey     BIT STRING

AlgorithmIdentifier ::= SEQUENCE {
                          algorithm       OBJECT IDENTIFIER,
                          parameters      ANY DEFINED BY algorithm OPTIONAL

The encoding of a Diffie-Hellman public value in an X.509 certificate
will be in the form of an INTEGER.  The algorithm identifier will be as
defined in PKCS #3 [3].

draft-ietf-ipsec-skip-X509-00.txt                   [Page 3]

INTERNET-DRAFT           SKIP-X509         December 21, 1995


DHPublicKey ::= INTEGER

AlgorithmIdentifier ::= SEQUENCE {
                          algorithm     OBJECT IDENTIFIER
                          SEQUENCE {
                            prime INTEGER,      -- p
                            base  INTEGER,      -- g
                            privateValueLength INTEGER OPTIONAL

with the OBJECT IDENTIFIER value being,

dhKeyAgreement OBJECT IDENTIFIER ::= { iso(1) member-body(2) US(840)
                                        rsadsi(113549) pkcs(1) 3  1 }

The DHPublicKey gets encapsulated as the BIT STRING in
SubjectPublicKeyInfo of an X.509 certificate in the following manner.
First the DHPublicKey is encoded as an INTEGER, and then this INTEGER is
encoded as the payload of the BIT STRING.

The certificate and Certificate Revocation List (CRL) encoding is the
same as in RFC 1422. CRLs can be used with SKIP in accordance with each
site's certificate/CRL management policies.

2.  Encoding of the Distinguished Name (DN)

When the name space is the IP address space, a certificate is allowed to
bind multiple IP addresses to a single public value to accommodate cases
where a single IP node has multiple IP addresses.  The SEQUENCE-OF
construct in a DN readily allows for this.  What is needed is an ASN.1
OBJECT IDENTIFIER for an AttributeType specifying an IP address.

draft-ietf-ipsec-skip-X509-00.txt                   [Page 4]

INTERNET-DRAFT           SKIP-X509         December 21, 1995

This is defined here as,

                        PrintableString (SIZE(1 .. ub-ipAddress))
                ::= { 1, 3, 6, 1, 4, 1, 42, 2, 11, 2, 1 }

ub-ipAddress ::= 256

The DN in the certificate can contain multiple of these by iterating on
the SEQUENCE-OF construct of the Relative Distinguished Name Sequence.

The PrintableString contains either the hexadecimal representation or
standard dot notation representation of an IP address.  Note that all
three conventional forms for representing IPv6 addresses [7] as text
strings are allowed by this definition.

When individual users are identified using DNs, then the certificate
naturally contains their DNs.  The SKIP internet draft [5] describes how
DNs may be used with SKIP, by identifying the DN name space using the
Source and destination NSID bytes in the SKIP header.

3.  Security Considerations

Security issues are not discussed in this document.


We would like to thank all of the people who helped make this draft


[1] CCITT Recommendation X.208 (1992), "Abstract Syntax Notation One"

[2] CCITT Recommendation X.509 (1988), "The Directory - Authentication

[3] "Public Key Cryptography Standards", PKCS#s 1-11 from RSA Data
    Security Inc., Redwood City, CA, ftp://ftp.rsa.com/pub/pkcs

draft-ietf-ipsec-skip-X509-00.txt                   [Page 5]

INTERNET-DRAFT           SKIP-X509         December 21, 1995

[4] Kent, S., "Privacy Enhancement for Internet Electronic Mail:  Part
    II: Certificate-Based Key Management", RFC 1422

[5] Aziz, A., Markson, T., Prafullchandra, H., "Simple Key-management
    for Internet Protocols", (I-D draft-ietf-ipsec-skip-06.txt), Work In

[6] "NIST OIW Stable Implementors Workshop", September 1994, Part 12 -
    OS Security

[7] Hinden, R., Deering, S., "IP Version 6 Addressing Architecture",
    (I-D draft-ietf-ipngwg-addr-arch-03.txt), Work In Progress

Author's Address(es)

     Ashar Aziz
     Sun Microsystems, Inc.
     M/S PAL1-550
     2550 Garcia Avenue
     Mountain View, CA 94043

     Email: ashar.aziz@eng.sun.com
     Alternate email address: ashar@incog.com

     Tom Markson
     Sun Microsystems, Inc.
     M/S PAL1-550
     2550 Garcia Avenue
     Mountain View, CA 94043

     Email: markson@incog.com
     Alternate email address: markson@eng.sun.com

     Hemma Prafullchandra
     Sun Microsystems, Inc.
     M/S PAL1-550
     2550 Garcia Avenue
     Mountain View, CA 94043

     Email: hemma@eng.sun.com
     Alternate email address: hemma@incog.com

draft-ietf-ipsec-skip-X509-00.txt                   [Page 6]