Extending SLIP 13 and SLIP 17 to accommodate synthesis of keys for certs #873

Open
skaht opened this issue Feb 11, 2020 · 1 comment
@skaht skaht commented Feb 11, 2020

Not sure precisely where to share this idea, but it is closely related to SLIP 13 (signature/authentication related keys) and SLIP 17 (DH encryption related keys).

SLIPs 13 and 17 could be extended to accommodate decentralized lifecycle management of public/private key pairs that may need to be rotated for whatever reasons:

  1. BIP 39 seed words are implicit
  2. BIP 39 passphrase is implicit
  3. SLIP 13 URI (e.g., mailto:scott@acompany.io)
  4. framework (e.g., OPENPGP, S/MIME)
  5. tier (e.g., subkey, master)
  6. pubkey algo (e.g., ed25519, cv25519, secp256k1, rsa3072, rsa4096)
  7. key usage, e.g.:
    PGP byte0: a. certify (0x01), b. sign (0x02), c. encrypt communications (0x04), d. encrypt storage (0x08), e. authentication (0x20), f. private key split by a secret-sharing mechanism (0x10), g. key may be in the possession of more than one person (0x80)
    PGP byte1: a. may be used as an additional decryption subkey (ADSK) (0x04), b. may be used for timestamping (0x08)
    - https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-08#section-5.2.3.22
    S/MIME: a. digitalSignature, b. nonRepudiation, c. keyEncipherment, d. dataEncipherment, e. keyAgreement, f. keyCertSign, g. cRLSign, h. encipherOnly and i. decipherOnly
    - https://tools.ietf.org/html/rfc5280#section-4.2.1.3
    - https://www.openssl.org/docs/manmaster/man5/x509v3_config.html
  8. SLIP 13 index of the HD synthesized key pair to be synthesized. The index of the key can be incremented when the previous key is revoked or no longer used/needed.

Not specifying how these SLIPs should be modified, but the 8 sets of parameters identified above could influence the creation of essentially unique keys. There may be rationale for having other parameters to influence synthesis results. The intent here is to spark discussions.

@skaht skaht commented Feb 11, 2020

SLIP 10 already handles secp256k1, ed25519, nistp256.
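
An added illustration, not part of the issue and not code from the SLIPs repository: one hypothetical way the parameters listed in the first comment could be folded into a SLIP-0013-style hardened path, so that each combination of URI, framework, tier, algorithm, usage and index selects a distinct key. The field order, the length-prefixed encoding and the names `derive_path`, `_field` and `format_path` are assumptions of this example; the issue deliberately leaves the format open.

```python
import hashlib
import struct

HARDENED = 0x80000000

# OpenPGP key-flag bits (first octet), values as listed in the issue.
PGP_SIGN = 0x02
PGP_ENCRYPT_COMMS = 0x04


def _field(value: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot run into each other."""
    return struct.pack("<H", len(value)) + value


def derive_path(purpose, index, uri, framework, tier, algo, usage: bytes):
    """Hypothetical extension of the SLIP-0013 path rule (not an agreed format).

    SLIP-0013 hashes le32(index) || uri. Here every proposed parameter is
    appended as a length-prefixed field before hashing.
    """
    blob = struct.pack("<I", index)
    for part in (uri.encode(), framework.encode(), tier.encode(), algo.encode(), usage):
        blob += _field(part)
    digest = hashlib.sha256(blob).digest()
    # As in SLIP-0013: first 128 bits as four little-endian 32-bit words, hardened.
    words = struct.unpack("<4I", digest[:16])
    return [purpose | HARDENED] + [w | HARDENED for w in words]


def format_path(path):
    """Render a list of hardened child numbers as m/13'/A'/B'/C'/D'."""
    return "m/" + "/".join(f"{n & ~HARDENED}'" for n in path)


if __name__ == "__main__":
    uri = "mailto:scott@acompany.io"  # URI taken from the issue
    sign = derive_path(13, 0, uri, "OPENPGP", "subkey", "ed25519", bytes([PGP_SIGN]))
    enc = derive_path(17, 0, uri, "OPENPGP", "subkey", "cv25519", bytes([PGP_ENCRYPT_COMMS]))
    rotated = derive_path(13, 1, uri, "OPENPGP", "subkey", "ed25519", bytes([PGP_SIGN]))
    for label, p in (("sign", sign), ("encrypt", enc), ("sign, index 1", rotated)):
        print(f"{label:14} {format_path(p)}")
```

Only public parameters enter the path, so the secrecy of the derived keys still rests entirely on the BIP 39 seed and passphrase. The length prefixes keep two different parameter sets from serializing to the same bytes and therefore to the same key.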
