Re: [TLS] Updated TLS 1.2 I-D

Eric Rescorla <ekr@networkresonance.com> Tue, 27 June 2006 14:24 UTC

To: "Anyang Ren" <anyang.ren@gmail.com>
Subject: Re: [TLS] Updated TLS 1.2 I-D
References: <20060625170241.E4704222425@laser.networkresonance.com> <39932b4c0606270721v19ecbed6j5fe129a42a99f106@mail.gmail.com>
From: Eric Rescorla <ekr@networkresonance.com>
Date: Tue, 27 Jun 2006 07:24:38 -0700
In-Reply-To: <39932b4c0606270721v19ecbed6j5fe129a42a99f106@mail.gmail.com> (Anyang Ren's message of "Tue, 27 Jun 2006 07:21:24 -0700")
Message-ID: <86d5cu7k2h.fsf@raman.networkresonance.com>

"Anyang Ren" <anyang.ren@gmail.com> writes:

> On 6/25/06, Eric Rescorla <ekr@networkresonance.com> wrote:
>> I've submitted an updated TLS 1.2 I-D and in the meantime
>> you can find it at:
>>
>> http://scm.sipfoundry.org/rep/ietf-drafts/ekr/tls/tls.txt
>
> In Section 1.1 Differences from TLS 1.1, you have:
>
>      - Replacement of MD5/SHA-1 combination in the PRF
>
>      - Replacement of MD5/SHA-1 combination in the digitally-signed
>      element.
>
> Are you going to replace the MD5/SHA-1 combination in the
> verify_data field of the Finished message?

It's already done. The PRF is used to create the verify_data.


> The "Hash" algorithm used in RSA signatures is the same hash
> algorithm used in the signature of the certificate.  Although this
> is a simple way to choose the "Hash" algorithm, the chosen hash
> algorithm really reflects the capability of the CA that issued the
> certificate as opposed to the capability of the certificate's subject
> (the server or the client). For example, the CA may sign a server
> certificate that contains an RSA public key using DSA, and "Hash"
> would be SHA-1 because the signature of the certificate is a DSA
> signature.

Yes. This is a heuristic, but it's the one we have. Since it seems
like a generally safe assumption that you can verify your own
cert, I don't think there's a problem here.


> The DSS signatures are hardcoded to use SHA-1. Are you planning
> to support extensions of DSA for the SHA-2 algorithms (as in Draft
> FIPS 186-3)?

Yes.


> Any interest in adding SHA-384 to the enumerated HashType defined
> in 7.4.1.4.7? The current definition of HashType seems to imply that
> CAs don't plan to sign certificates with SHA-384 in the signatures.

I don't personally hear much interest in that. How do other
WG members feel?

-Ekr
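The verify_data construction Eric refers to, as an added example that is not part of this thread or of any implementation discussed in it: the TLS 1.2 PRF as it was finally specified in RFC 5246 (P_SHA256; the June 2006 draft was still in flux), used to derive the Finished value, so no MD5/SHA-1 combination remains anywhere in that path. The master secret and transcript bytes below are constructed sample inputs, and check_finished is a hypothetical helper name.

```python
import hashlib
import hmac

# TLS 1.2 PRF (RFC 5246, section 5):
#   A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
#   P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
#                          HMAC_hash(secret, A(2) + seed) + ...
#   PRF(secret, label, seed) = P_SHA256(secret, label + seed)
def p_hash(secret: bytes, seed: bytes, length: int, digestmod=hashlib.sha256) -> bytes:
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, digestmod).digest()           # A(i)
        out += hmac.new(secret, a + seed, digestmod).digest()  # next output block
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)


def verify_data(master_secret: bytes, handshake_messages: bytes,
                is_client: bool, length: int = 12) -> bytes:
    """verify_data = PRF(master_secret, finished_label,
                         Hash(handshake_messages))[0..length-1]

    Hash is the PRF's own hash (SHA-256 here), computed over every
    handshake message sent so far, excluding the Finished itself.
    The default verify_data length of 12 bytes is from RFC 5246."""
    label = b"client finished" if is_client else b"server finished"
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return tls12_prf(master_secret, label, transcript_hash, length)


def check_finished(master_secret: bytes, handshake_messages: bytes,
                   peer_is_client: bool, received: bytes) -> bool:
    """Hypothetical receiver-side check: recompute the peer's verify_data
    and compare in constant time, so a wrong Finished value reveals nothing
    about how many leading bytes matched."""
    expected = verify_data(master_secret, handshake_messages, peer_is_client, len(received))
    return hmac.compare_digest(expected, received)


# Constructed sample inputs; a real master secret is 48 bytes from the key exchange.
MASTER_SECRET = bytes(range(48))
TRANSCRIPT = b"ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange (constructed)"

if __name__ == "__main__":
    client_fin = verify_data(MASTER_SECRET, TRANSCRIPT, is_client=True)
    print("client verify_data:", client_fin.hex())
    print("server accepts it :", check_finished(MASTER_SECRET, TRANSCRIPT, True, client_fin))
```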
