
Define accepted log public keys #25

Open
sleevi opened this issue Feb 18, 2020 · 2 comments
Comments

sleevi (Contributor) commented Feb 18, 2020

The Chromium implementation of CT limits the public keys it supports to the set of public keys it accepts for the Web PKI:

  • RSA (nominally, 2048, 3072, 4096)
  • ECC using NIST P-256, P-384

The Chromium implementation does not explicitly support Curve25519, although it could, and does not support other forms of EC keys.

devonobrien (Collaborator) commented

We also need to check what key algs our compliance monitoring infrastructure supports to provide the minimal set of supportable key types.

devonobrien (Collaborator) commented

Also of note is Section 2.1.4 of RFC 6962, which states:

Various data structures are signed. A log MUST use either elliptic
curve signatures using the NIST P-256 curve (Section D.1.2.3 of the
Digital Signature Standard [DSS]) or RSA signatures (RSASSA-PKCS1-
V1_5 with SHA-256, Section 8.2 of [RFC3447]) using a key of at least
2048 bits.
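Added example, not code from this repository, Chromium, or the issue participants: a pure-Python check that parses a CT log's public key (the DER SubjectPublicKeyInfo whose SHA-256 is the log ID in RFC 6962) and classifies it against the two key-type sets quoted in this thread: the RFC 6962 section 2.1.4 minimum (P-256 ECDSA, or RSA of at least 2048 bits) and the Web PKI set sleevi lists for Chromium. The Chromium check is my reading of that comment's "nominally 2048, 3072, 4096" as exactly those sizes, which is an assumption. The sample keys are constructed inline for structure testing and are not real keys. The point worth seeing is that the two sets differ: a P-384 key is in Chromium's Web PKI set but outside what RFC 6962 permits for log signatures, and an Ed25519 key is in neither. Keys published in base64 can be fed in after `base64.b64decode`.

```python
"""Classify a CT log public key (DER SubjectPublicKeyInfo) and check it
against the key-type sets quoted in this issue.  Added example, not
project code.  Pure Python; it inspects structure only and does not
validate the modulus or the curve point."""
import hashlib

# DER-encoded OID values (tag and length stripped).
OID_RSA = bytes.fromhex("2a864886f70d010101")   # rsaEncryption 1.2.840.113549.1.1.1
OID_EC = bytes.fromhex("2a8648ce3d0201")        # id-ecPublicKey 1.2.840.10045.2.1
OID_ED25519 = bytes.fromhex("2b6570")           # id-Ed25519 1.3.101.112
CURVES = {                                      # namedCurve OID -> (name, coordinate bytes)
    bytes.fromhex("2a8648ce3d030107"): ("P-256", 32),
    bytes.fromhex("2b81040022"): ("P-384", 48),
    bytes.fromhex("2b81040023"): ("P-521", 66),
}

def _tlv_read(buf, pos):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify_spki(der):
    """Return ("RSA", modulus_bits), ("EC", curve_name) or ("other", oid_hex)."""
    tag, spki, end = _tlv_read(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SubjectPublicKeyInfo SEQUENCE")
    tag, algid, pos = _tlv_read(spki, 0)
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, bits, pos = _tlv_read(spki, pos)
    if tag != 0x03 or pos != len(spki) or not bits or bits[0] != 0:
        raise ValueError("bad subjectPublicKey BIT STRING")
    key = bits[1:]                          # drop the unused-bits octet
    tag, oid, pos = _tlv_read(algid, 0)
    if tag != 0x06:
        raise ValueError("missing algorithm OID")
    if oid == OID_RSA:                      # RSAPublicKey ::= SEQUENCE { n INTEGER, e INTEGER }
        tag, rsakey, _ = _tlv_read(key, 0)
        if tag != 0x30:
            raise ValueError("bad RSAPublicKey")
        tag, n, _ = _tlv_read(rsakey, 0)
        if tag != 0x02:
            raise ValueError("bad RSA modulus")
        return ("RSA", int.from_bytes(n, "big").bit_length())
    if oid == OID_EC:                       # parameters carry the namedCurve OID
        tag, curve, _ = _tlv_read(algid, pos)
        if tag != 0x06 or curve not in CURVES:
            return ("other", "EC/" + curve.hex())
        name, coord = CURVES[curve]
        if len(key) != 1 + 2 * coord or key[0] != 0x04:
            raise ValueError("EC key is not an uncompressed point on " + name)
        return ("EC", name)
    return ("other", oid.hex())

def rfc6962_ok(der):
    """RFC 6962 section 2.1.4: P-256 ECDSA, or RSA with at least 2048 bits."""
    kind, detail = classify_spki(der)
    return (kind == "EC" and detail == "P-256") or (kind == "RSA" and detail >= 2048)

def chromium_webpki_ok(der):
    """Web PKI set from the comment above; exact RSA sizes are my assumption."""
    kind, detail = classify_spki(der)
    return (kind == "EC" and detail in ("P-256", "P-384")) or \
           (kind == "RSA" and detail in (2048, 3072, 4096))

def log_id(der):
    """RFC 6962 section 3.2: the log ID is SHA-256 over the DER SPKI."""
    return hashlib.sha256(der).digest()

# Minimal DER encoder, used only to construct sample keys below.
def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _der_int(v):
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return _tlv(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)

def make_rsa_spki(n, e=65537):
    algid = _tlv(0x30, _tlv(0x06, OID_RSA) + b"\x05\x00")          # NULL params
    return _tlv(0x30, algid + _tlv(0x03, b"\x00" + _tlv(0x30, _der_int(n) + _der_int(e))))

def make_ec_spki(curve_oid, point):
    algid = _tlv(0x30, _tlv(0x06, OID_EC) + _tlv(0x06, curve_oid))
    return _tlv(0x30, algid + _tlv(0x03, b"\x00" + point))

# Constructed samples: structurally valid SPKIs, not real or usable keys.
SAMPLES = {
    "rsa2048": make_rsa_spki((1 << 2047) | 1),
    "rsa1024": make_rsa_spki((1 << 1023) | 1),
    "p256": make_ec_spki(bytes.fromhex("2a8648ce3d030107"), b"\x04" + bytes(64)),
    "p384": make_ec_spki(bytes.fromhex("2b81040022"), b"\x04" + bytes(96)),
    "ed25519": _tlv(0x30, _tlv(0x30, _tlv(0x06, OID_ED25519)) + _tlv(0x03, b"\x00" + bytes(32))),
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        kind, detail = classify_spki(der)
        print(f"{name:8} {kind:5} {str(detail):8} rfc6962={rfc6962_ok(der)!s:5} "
              f"chromium={chromium_webpki_ok(der)!s:5} log_id={log_id(der).hex()[:16]}...")
```

The parser deliberately rejects rather than guesses on anything malformed (trailing bytes after the SPKI, a BIT STRING with unused bits, a compressed or wrong-length EC point), since a monitoring pipeline that silently accepts a malformed key would also misreport the log ID derived from it.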
