Re: [TLS] Signed messages should be prefixed with a NUL-terminated context string.

Nikos Mavrogiannopoulos <nmav@redhat.com> Wed, 26 November 2014 07:40 UTC

Return-Path: <nmavrogi@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 149391A0018 for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 23:40:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E5uHtMDgDDzN for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 23:40:13 -0800 (PST)
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E3341A1B9C for <tls@ietf.org>; Tue, 25 Nov 2014 23:40:13 -0800 (PST)
Received: from zmail22.collab.prod.int.phx2.redhat.com (zmail22.collab.prod.int.phx2.redhat.com [10.5.83.26]) by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id sAQ7eDWW012748; Wed, 26 Nov 2014 02:40:13 -0500
Date: Wed, 26 Nov 2014 02:40:12 -0500 (EST)
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <860778484.3559563.1416987612674.JavaMail.zimbra@redhat.com>
In-Reply-To: <CABcZeBMmFWOoh6Av=eAaMi6AA1Kb7X41Efie-0PuRZWwPPVz_A@mail.gmail.com>
References: <CAMfhd9XgR-N6BZVLojfyf6E2+0fhYVHopp5FKALoup_GjTji5A@mail.gmail.com> <CABcZeBMmFWOoh6Av=eAaMi6AA1Kb7X41Efie-0PuRZWwPPVz_A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.5.82.6]
X-Mailer: Zimbra 8.0.6_GA_5922 (ZimbraWebClient - FF31 (Linux)/8.0.6_GA_5922)
Thread-Topic: Signed messages should be prefixed with a NUL-terminated context string.
Thread-Index: se3lQURv69/UGYFxKHBKpZG8LoC9vA==
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/2TTpn1TD7eGS-CnSXo6bToybpL0
Cc: tls@ietf.org
Subject: Re: [TLS] Signed messages should be prefixed with a NUL-terminated context string.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2014 07:40:18 -0000

----- Original Message -----
> This seems like a good idea. Thanks for raising it.

An additional issue of switching to the new CertificateVerify
format for client and server, is that privilege separation for
authentication is not possible any more.

On a previous mail I was asking for that feature to be extended for the 
server as well:
http://www.ietf.org/mail-archive/web/tls/current/msg13398.html

Was the removal of that protocol feature intentional?

If not I'd suggest the following format for the signatures:
      struct {
           digitally-signed struct {
               opaque client_random[32];
               opaque server_random[32];
               opaque handshake_messages[handshake_messages_length];
           }
      } CertificateVerify;

regards,
Nikos