Implementation issues that arise during the XKMS CR Last Call.
Color key: error warning note
| Id:Title | State | Type | Ack. |
|---|---|---|---|
| 313-tl-1 : Innacurate examples of key derivations in Appendix C | no decision (raised) | editorial | |
| 313-tl-2 : Use of "Secret Key" term rather than "Private Key" in Appendix C | no decision (raised) | editorial | |
| 314-tl-1 : Error in Section C.2.2 | no decision (raised) | editorial | |
| 315-ga-1 : Misplaced definition of "RequestSignatureValue" | no decision (raised) | editorial | |
| 315-ga-2 : Double definition of "ResponseId" attribute | no decision (raised) | editorial | |
| 315-ga-3 : Typo in example | no decision (raised) | editorial | |
| 316-sm-1 : Need editor for LC issue list | completed | editorial | No response to reviewer |
Appendix C of the XKMS Vesion 2 Candidate Recommendation, entitled Sample Protocol Exchanges, contains examples of key derivations, some of which appear not to be accurate. I enclose my suggested corrections below.
Section 8.1 (Use of Limited-Use Shared Secret Data) says that "All space and control characters are removed." Given sections C.1.2 and C.1.3, this suggests that a hyphen is a control character. For the sake of clarity I propose using "punctuation characters" instead of or in addition to "control characters".
Also, it might be more appropriate to call the derived quantities "Secret Keys" as opposed to "Private Keys".
C.1.2 Bob Registration Authentication Key
Authentication Data
3N9CJ-JK4JK-S04JF-W0934-JSR09-JWIK4
Converted Authentication Data
[33][6e][39][63][6a][6a][6b][34] [6a][6b][73][30][34][6a][66][77]
[30][39][33][34][6a][73][72][30]
[39][6a][77][69][6b][34]
Key = HMAC-SHA1 (Converted Authentication Data, 0x1)
[92][33][7c][7c][3e][8d][3b][7a] [cf][11][59][89][36][64][56][69]
[95][4f][8f][d7]
C.1.3 Bob Registration Private Key Encryption
Authentication Data
3N9CJ-K4JKS-04JWF-0934J-SR09JW-IK4
Converted Authentication Data
[33][6e][39][63][6a][6b][34][6a] [6b][73][30][34][6a][77][66][30]
[39][33][34][6a][73][72][30][39] [6a][77][69][6b][34]
First Block = HMAC-SHA1 (Converted Authentication Data, 0x4)
[78][f1][e7][b1][b3][fd][0c][bc] [96][04][e7][01][4f][33][78][d3]
[0b][c8][5f][bd]
Key = First Block XOR 0x4
[7c][f1][e7][b1][b3][fd][0c][bc] [96][04][e7][01][4f][33][78][d3]
[0b][c8][5f][bd]
Second Block = HMAC-SHA1 (Converted Authentication Data, Key)
[1e][7f][e1][b0][ab][d0][f8][09] [2e][28][f3][9d][14][a8][d0][83]
[2e][ab][ea][22]
Final Private Key
[78][f1][e7][b1][b3][fd][0c][bc] [96][04][e7][01][4f][33][78][d3]
[0b][c8][5f][bd][1e][7f][e1][b0]
C.1.4 Bob Recovery Private Key Encryption
Authentication Data
A8YUT vuhhu c9h29 8y43u h9j3i 23
Converted Authentication Data
[61][38][79][75][74][76][75][68] [68][75][63][39][68][32][39][38]
[79][34][33][75][68][39][6a][33] [69][32][33]
Private Key
[91][8c][67][d8][bc][16][78][86] [dd][6d][39][19][91][c4][49][6f]
[14][e2][61][33][6c][15][06][7b]
C.2.1 Alice Pass Phrase Computation
The values are correct, but the lines
Pass Phrase Pass 1 HMAC-SHA1 (Converted Authentication Data, 0x1)
Pass Phrase Pass 2 = HMAC-SHA1 (Pass Phrase Pass 1 , 0x2
should read
Pass Phrase Pass 1 HMAC-SHA1 (Converted Authentication Data, 0x2)
Pass Phrase Pass 2 = HMAC-SHA1 (Pass Phrase Pass 1 , 0x3)
C.2.2 Bob Pass Phrase Computation
The values are correct, but the lines
Pass Phrase Pass 1 HMAC-SHA1 (Converted Authentication Data, 0x1)
Pass Phrase Pass 2 = HMAC-SHA1 (Pass Phrase Pass 1 , 0x2
should read
Pass Phrase Pass 1 HMAC-SHA1 (Converted Authentication Data, 0x2)
Pass Phrase Pass 2 = HMAC-SHA1 (Pass Phrase Pass 1 , 0x3)
Appendix C of the XKMS Vesion 2 Candidate Recommendation, entitled Sample Protocol Exchanges, contains examples of key derivations.
It might be more appropriate to call the derived quantities "Secret Keys" as opposed to "Private Keys".
There is another error in Section C.2.2 that I missed:
This line:
Base 64 Encoding of Pass Phrase Stage 1
PHx8li2SUhrJv2e1DyeWbGbD6rs=
should read:
Base 64 Encoding of Pass Phrase Stage 1
8GYiVK8zBD5E0q9Rq2Y/Gci0Zpo=
There is a part of the Schema defining "RequestSignatureValue" element in the Compound Request Section (par[127]) which I think it should appear before the beginning of this section, in par[126].
http://www.w3.org/2001/XKMS/Drafts/XKMS20030826/xkms-part-1.html
In the definition of the "StatusRequest" element (par[132]) it is said that it inherits the element attributes of "PendingRequestType", and the same can be understood from the Schema. However, the "ResponseId" attribute -which is already part of "PendingRequestType"- is defined there. To make it more confusing it is said to be Optional whereas in "PendingRequestType" it was Required. Should this reference be removed from there?
http://www.w3.org/2001/XKMS/Drafts/XKMS20030826/xkms-part-1.html
Maybe this is not so important, but in the Data Encryption Example (par[146]) a key is bound to bob @ "example.com" but then in par[147] the name used is bob @ "bobcorp.test". Of course the example is perfectly understandable but maybe both paragraphs should be consistent.
http://www.w3.org/2001/XKMS/Drafts/XKMS20030826/xkms-part-1.html
Need an editor for the last-call issues list.
Last update: $Date: 2004/01/16 19:56:38 $
This page was generated as part of the Extensible Issue Tracking System (ExIT)
Copyright © 2003, 2004 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply. Your interactions with this site are in accordance with our public and Member privacy statements.