--- 1/draft-ietf-lamps-samples-07.txt 2022-02-02 15:13:10.511856661 -0800 +++ 2/draft-ietf-lamps-samples-08.txt 2022-02-02 15:13:10.583858479 -0800 @@ -1,18 +1,18 @@ lamps D.K. Gillmor, Ed. Internet-Draft ACLU -Intended status: Informational 14 December 2021 -Expires: 17 June 2022 +Intended status: Informational 2 February 2022 +Expires: 6 August 2022 S/MIME Example Keys and Certificates - draft-ietf-lamps-samples-07 + draft-ietf-lamps-samples-08 Abstract The S/MIME development community benefits from sharing samples of signed or encrypted data. This document facilitates such collaboration by defining a small set of X.509v3 certificates and keys for use when generating such samples. Status of This Memo 
@@ -22,25 +22,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 17 June 2022. + This Internet-Draft will expire on 6 August 2022. Copyright Notice - Copyright (c) 2021 IETF Trust and the persons identified as the + Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. 
@@ -89,50 +89,52 @@ 8. Dana's Sample Certificates . . . . . . . . . . . . . . . . . 29 8.1. Dana's Signature Verification End-Entity Certificate . . 29 8.2. Dana's Signing Private Key Material . . . . . . . . . . . 30 8.3. Dana's Encryption End-Entity Certificate . . . . . . . . 30 8.4. Dana's Decryption Private Key Material . . . . . . . . . 30 8.5. PKCS12 Object for Dana . . . . . . . . . . . . . . . . . 31 9. Security Considerations . . . . . . . . . . . . . . . . . . . 32 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 11. Document Considerations . . . . . . . . . . . . . . . . . . . 32 11.1. Document History . . . . . . . . . . . . . . . . . . . . 32 - 11.1.1. Substantive Changes from draft-ietf-*-06 to - draft-ietf-*-07 . . . . . . . . . . . . . . . . . . . 32 - 11.1.2. Substantive Changes from draft-ietf-*-05 to + 11.1.1. Substantive Changes from draft-ietf-*-07 to + draft-ietf-*-08 . . . . . . . . . . . . . . . . . . . 32 + 11.1.2. Substantive Changes from draft-ietf-*-06 to + draft-ietf-*-07 . . . . . . . . . . . . . . . . . . . 33 + 11.1.3. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06 . . . . . . . . . . . . . . . . . . . 33 - 11.1.3. Substantive Changes from draft-ietf-*-04 to + 11.1.4. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 . . . . . . . . . . . . . . . . . . . 33 - 11.1.4. Substantive Changes from draft-ietf-*-03 to + 11.1.5. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 . . . . . . . . . . . . . . . . . . . 33 - 11.1.5. Substantive Changes from draft-ietf-*-02 to + 11.1.6. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 . . . . . . . . . . . . . . . . . . . 33 - 11.1.6. Substantive Changes from draft-ietf-*-01 to + 11.1.7. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 . . . . . . . . . . . . . . . . . . . 33 - 11.1.7. Substantive Changes from draft-ietf-*-00 to + 11.1.8. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 . . . . . . . . . . . . . 
. . . . . . 34 - 11.1.8. Substantive Changes from draft-dkg-*-05 to + 11.1.9. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 . . . . . . . . . . . . . . . . . . . 34 - 11.1.9. Substantive Changes from draft-dkg-*-04 to + 11.1.10. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 . . . . . . . . . . . . . . . . . . . 34 - 11.1.10. Substantive Changes from draft-dkg-*-03 to + 11.1.11. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 . . . . . . . . . . . . . . . . . . . 34 - 11.1.11. Substantive Changes from draft-dkg-*-02 to + 11.1.12. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 . . . . . . . . . . . . . . . . . . . 34 - 11.1.12. Substantive Changes from draft-dkg-*-01 to + 11.1.13. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 . . . . . . . . . . . . . . . . . . . 34 - 11.1.13. Substantive Changes from draft-dkg-*-00 to + 11.1.14. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 . . . . . . . . . . . . . . . . . . . 34 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 13.1. Normative References . . . . . . . . . . . . . . . . . . 35 - 13.2. Informative References . . . . . . . . . . . . . . . . . 35 + 13.2. Informative References . . . . . . . . . . . . . . . . . 36 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 37 1. Introduction The S/MIME ([RFC8551]) development community, in particular the e-mail development community, benefits from sharing samples of signed and/or encrypted data. Often the exact key material used does not matter because the properties being tested pertain to implementation correctness, completeness or interoperability of the overall system. However, without access to the relevant secret key material, a sample 
@@ -222,21 +224,21 @@ 2.3. Certificate Revocation Because these are expected to be used in test suites or examples, and we do not expect there to be online network services in these use cases, we do not expect these certificates to produce any revocation artifacts. As a result, none of the certificates include either an OCSP indicator (see id-ad-ocsp as defined in the Authority Information Access X.509 extension in S.4.2.2.1 of [RFC5280]) or a CRL indicator - (see the CRL Disttribution Points X.509 extension as defined in + (see the CRL Distribution Points X.509 extension as defined in S.4.2.1.13 of [RFC5280]). 2.4. Using the CA in Test Suites To use these end-entity certificates in a piece of software (for example, in a test suite or an interoperability matrix), most tools will need to accept either the Example RSA CA (Section 3) or the Example Ed25519 CA (Section 6) as a legitimate root authority. Note that some tooling behaves differently for certificates validated 
@@ -277,39 +279,43 @@ ╔══════════════╗ ┌──────────────────┐ ┌───────────────────┐ ║ ca.25519.crt ╟─→│ ca.rsa.cross.crt ├─→│ alice.encrypt.crt │ ╚══════════════╝ └──────────────────┘ └───────────────────┘ By omitting the cross-signed CA certs, it should be possible to test a "transvalid" certificate (an end-entity certificate that is supplied without its intermediate certificate) in some configurations. 2.6. Passwords - Each secret key presented in this draft is unprotected (it has no + Each secret key presented in this draft is represented as a PEM- + encoded PKCS#8 [RFC5958] object in cleartext form (it has no password). As such, the secret key objects are not suitable for verifying interoperable password protection schemes. However, the PKCS#12 [RFC7292] objects do have simple textual passwords, because tooling for dealing with passwordless PKCS#12 objects is underdeveloped at the time of this draft. 2.7. Secret key origins The secret RSA keys in this document are all deterministically derived using provable prime generation as found in [FIPS186-4], based on known seeds derived via [SHA256] from simple strings. The - secret Ed25519 and X25519 keys in this document are all derived by - hashing a simple string. The seeds and their derivation are included - in the document for informational purposes, and to allow re-creation - of the objects from appropriate tooling. + validation parameters for these derivations are stored in the objects + themselves as specified in [RFC8479]. + + The secret Ed25519 and X25519 keys in this document are all derived + by hashing a simple string. The seeds and their derivation are + included in the document for informational purposes, and to allow re- + creation of the objects from appropriate tooling. All RSA seeds used are 224 bits long (the first 224 bits of the SHA-256 digest of the origin string), and are represented in hexadecimal. 3. 
Example RSA Certification Authority The example RSA Certification Authority has the following information: 
@@ -1317,112 +1323,116 @@ kkzl2MltAgIoAA== -----END PKCS12----- 9. Security Considerations The keys presented in this document should be considered compromised and insecure, because the secret key material is published and therefore not secret. Any application which maintains a denylist of invalid key material - SHOULD include these keys in its list. + should include these keys in its list. 10. IANA Considerations IANA has nothing to do for this document. 11. Document Considerations [ RFC Editor: please remove this section before publication ] This document is currently edited as markdown. Minor editorial changes can be suggested via merge requests at https://gitlab.com/dkg/lamps-samples or by e-mail to the author. Please direct all significant commentary to the public IETF LAMPS mailing list: spasm@ietf.org 11.1. Document History -11.1.1. Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07 +11.1.1. Substantive Changes from draft-ietf-*-07 to draft-ietf-*-08 + * Apply editorial cleanup suggested during review + +11.1.2. Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07 + * Correct document history * Restore PKCS12 for dana and bob from -05 -11.1.2. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06 +11.1.3. Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06 * Added outbound references for acronyms PEM, CRL, and OCSP, thanks Stewart Brant. * Accidentally modified PKCS12 for dana and bob -11.1.3. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 +11.1.4. Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05 * Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for interop with Keychain Access on macOS. -11.1.4. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 +11.1.5. Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04 * Order subject/issuer DN components by scope. * Put cross-signed intermediate CA certificates into PKCS#12 instead of self-signed root CA certificates. -11.1.5. 
Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 +11.1.6. Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03 * Correct encoding of S/MIME Capabilities extension. * Change "Certificate Authority" to "Certification Authority". * Add CertificatePolicies to all intermediate and end-entity certificates. * Add organization and organizational unit to all certificates. -11.1.6. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 +11.1.7. Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02 * Added cross-signed certificates for both CAs * Added S/MIME Capabilities extension for Carlos and Dana's encryption keys, indicating preferred ECDH parameters. * Ensure no serial numbers are negative. * Encode keyUsage extensions in minimum-length BIT STRINGs. -11.1.7. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 +11.1.8. Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01 * Added Curve25519 sample certificates (new CA, Carlos, and Dana) -11.1.8. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 +11.1.9. Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00 * WG adoption (dkg moves from Author to Editor) -11.1.9. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 +11.1.10. Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05 * PEM blobs are now sourcecode, not artwork -11.1.10. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 +11.1.11. Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04 * Describe deterministic key generation * label PEM blobs with filenames in XML -11.1.11. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 +11.1.12. Substantive Changes from draft-dkg-*-02 to draft-dkg-*-03 * Alice and Bob now each have two distinct certificates: one for signing, one for encryption, and public keys to match. -11.1.12. Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 +11.1.13. 
Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02 * PKCS#12 objects are deliberately locked with simple passphrases -11.1.13. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 +11.1.14. Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01 * changed all three keys to use RSA instead of RSA-PSS * set keyEncipherment keyUsage flag instead of dataEncipherment in EE certs 12. Acknowledgements This draft was inspired by similar work in the OpenPGP space by Bjarni Runar and juga at [I-D.bre-openpgp-samples]. 
@@ -1454,38 +1464,46 @@ Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, . - [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, - DOI 10.17487/RFC5322, October 2008, - . + [RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958, + DOI 10.17487/RFC5958, August 2010, + . [RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A., and M. Scott, "PKCS #12: Personal Information Exchange Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014, . + [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, + PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, + April 2015, . + [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)", RFC 8032, DOI 10.17487/RFC8032, January 2017, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . + [RFC8479] Mavrogiannopoulos, N., "Storing Validation Parameters in + PKCS#8", RFC 8479, DOI 10.17487/RFC8479, September 2018, + . + [RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/ Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification", RFC 8551, DOI 10.17487/RFC8551, April 2019, . 13.2. Informative References [FIPS186-4] "Digital Signature Standard (DSS)", National Institute of Standards and Technology report, 
@@ -1496,23 +1514,23 @@ Einarsson, B. R., juga, and D. K. Gillmor, "OpenPGP Example Keys and Certificates", Work in Progress, Internet-Draft, draft-bre-openpgp-samples-01, 20 December 2019, . [RFC4134] Hoffman, P., Ed., "Examples of S/MIME Messages", RFC 4134, DOI 10.17487/RFC4134, July 2005, . - [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, - PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, - April 2015, . + [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, + DOI 10.17487/RFC5322, October 2008, + . [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April 2015, . [RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure", RFC 8410, DOI 10.17487/RFC8410, August 2018, .
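Review bot: In the Section 2.6/2.7 hunk (@@ -277,39 +279,43 @@), the paragraph split leaves "The seeds and their derivation are included in the document ..." inside the new Ed25519/X25519 paragraph, so it now reads as covering only those keys. Before the split it followed the RSA description as well, and the next paragraph still discusses RSA seeds. Move that sentence into its own paragraph after both key types, or state it for RSA too. In the same hunk, the new 2.6 wording cites [RFC5958] for PKCS#8 but gives no citation beside "PEM-encoded"; citing [RFC7468] there would match its move from the informative list to the list before 13.2.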
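Review bot: In the Section 9 hunk (@@ -1317,112 +1323,116 @@), changing "SHOULD include these keys in its list" to "should" drops the uppercase requirement keyword for applications that maintain a denylist, yet the new 11.1.1 entry records only "Apply editorial cleanup suggested during review". Since that subsection is titled Substantive Changes, list the keyword change there, together with the new [RFC8479] statement in 2.7 and the reference moves, so that readers comparing -07 and -08 can find them without reading the diff.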
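Review bot: In the normative references hunk (@@ -1454,38 +1464,46 @@), the RFC 2119 and [RFC8174] entries remain as unchanged context, while the only uppercase keyword visible in this diff, the SHOULD in Section 9, is lowercased. Check whether any BCP 14 keyword is still used in -08; if none is, remove these two entries and any text that invokes them, or note why they are kept.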