Issue #2718: Selecting algorithms in ECC - dogtagpki

dogtagpki

#2718 Selecting algorithms in ECC

Closed: migrated 3 years ago by dmoluguw. Opened 6 years ago by mharmsen.

While testing BZ https://bugzilla.redhat.com/show_bug.cgi?id=1222557, I have
few questions about selecting algorithms.

RFC for ECC (https://www.ietf.org/rfc/rfc5480.txt) talks about two more
algorithms that may be supported which are "id-ecDH" and "id-ecMQV"
algorithms. When we sign an ECC certificate request using dogtag it always
gives " id-ecPublicKey " in Public Key Algorithm under Subject Public Key Info.
I have not seen other two algorithm's.

I am not sure how we decide upon algorithms and how and when to use which one.

Metadata Update from @mharmsen:
- Custom field component adjusted to General
- Custom field feature adjusted to ''
- Custom field origin adjusted to Community
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1456851
- Custom field type adjusted to defect
- Custom field version adjusted to ''
- Issue assigned to cfu
- Issue priority set to: critical

6 years ago

ftweedal commented 6 years ago

From my reading, id-ecPublicKey means "can be used with any algorithm" where as the others constrain usage to a particular key agreement algorithm.

Is there a legitimate business need for this? I would question whether there is,
because Key Usage and EKU constrain how the key can be used anyway.
I don't know if anyone is concerned about exactly what key agreement gets
used; many programs will let you configure that separate anyway e.g. via cipher suites.

Anyhow, if we do implement it, it would have to be configured in the profile
somehow.

mharmsen commented 6 years ago

[20170705] - In speaking with cfu, we believe that this ticket can be moved to 10.5

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5 (was: 10.4)

6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: FUTURE (was: 10.5)

6 years ago

mharmsen commented 6 years ago

Per 10.5.x/10.6 Triage: FUTURE

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2838

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

cfu

Tags

None

Blocking

None

Depending on

None

Priority

critical

Milestone

FUTURE

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1456851

type

defect

version

keywords

None

estimate

None

feature

origin

Community

proposedpriority

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

component

General

proposedmilestone

dogtagpki

Source Code

#2718 Selecting algorithms in ECC Closed: migrated 3 years ago by dmoluguw. Opened 6 years ago by mharmsen.

Metadata

#2718 Selecting algorithms in ECC

Closed: migrated 3 years ago by dmoluguw. Opened 6 years ago by mharmsen.