IETF Logo Mail Archive

Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

Yoav Nir <ynir.ietf@gmail.com> Wed, 08 July 2015 19:25 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE0C21A1BA4 for <tls@ietfa.amsl.com>; Wed, 8 Jul 2015 12:25:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRaOw4I5YxSC for <tls@ietfa.amsl.com>; Wed, 8 Jul 2015 12:25:36 -0700 (PDT)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E01B21A1B9A for <tls@ietf.org>; Wed, 8 Jul 2015 12:25:35 -0700 (PDT)
Received: by wiclp1 with SMTP id lp1so89912824wic.0 for <tls@ietf.org>; Wed, 08 Jul 2015 12:25:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=nvQ4dRS4EWtnt/rfKA1v6yVWhNagrzvVwYOXkp1cwGg=; b=Yxn781v831iIbUTRwRFMhUI8p2goH1XqVDDNVrTCC+jtwexHfxOO2LOiS1WdpHElXm pwAeys62Nvub4XLC+B2/z/IYWcIDBNDNWYFZ9dD95c6dLWJqy17QvHlNTxKjfgCCv/lv G77ZeFakYznFU2DDV5Foo+hSPJlCWa2HPwpzn5sc1hG+vFD42IBHGZPNlrCFlFVLXY8/ WS4lw263mIffH1fIzeHg0TlQo+Qe0kdpL0YhS5/BRFtXFRY8TSMdqTOhEsEQHCw+Ae6z /xrQ+ZnMn71kMKndo8srr4h1oACFbMEXUbu3xSiYzu2awRSlObINq72HmlWVbWq9KYh8 CLyA==
X-Received: by 10.180.211.196 with SMTP id ne4mr116469692wic.23.1436383534711; Wed, 08 Jul 2015 12:25:34 -0700 (PDT)
Received: from [192.168.1.15] ([46.120.13.132]) by smtp.gmail.com with ESMTPSA id q9sm4390488wiz.23.2015.07.08.12.25.33 for <tls@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 08 Jul 2015 12:25:33 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <20150708182737.GW21534@mournblade.imrryr.org>
Date: Wed, 08 Jul 2015 22:25:31 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <1E312BED-3880-4B56-9E5A-47084A99712E@gmail.com>
References: <201507071242.23235.davemgarrett@gmail.com> <201507071257.26088.davemgarrett@gmail.com> <CABcZeBNxW6jaf=HZFvm56K5pKeLD4GyNXOimUHUCt34r_76Vzw@mail.gmail.com> <20150707205858.GH21534@mournblade.imrryr.org> <CABkgnnXZ9HmW2BHrda3s9LMVUzZbdbdD2yKU84w2W8roycJ-xg@mail.gmail.com> <a774e57216864bbebefa3b38bb65c183@ustx2ex-dag1mb2.msg.corp.akamai.com> <CABkgnnXpboFmkgr37aWsNdm-OfvVwyd0jW4HHYuGMXht6=CjRA@mail.gmail.com> <D1C2C216.1BAA0%uri@ll.mit.edu> <d7b48bbb16e2425cb2e97c9f4daf170a@ustx2ex-dag1mb2.msg.corp.akamai.com> <C4BEE033-F214-450A-A8BC-BA1C4A8CDE14@gmail.com> <20150708182737.GW21534@mournblade.imrryr.org>
To: tls@ietf.org
X-Mailer: Apple Mail (2.2102)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/3dykH2R78vk2ZRGUwQ5yymuYK-o>
Subject: Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2015 19:25:37 -0000

> On Jul 8, 2015, at 9:27 PM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
> On Wed, Jul 08, 2015 at 09:08:39PM +0300, Yoav Nir wrote:
> 
>> It's possible that a single user might be issued multiple certificates,
>> but they will be from different CAs, and choosing a client certificate
>> based on CA will work. I don't see any use case for a corporate CA to
>> issue multiple certificates to the same user or device with different
>> algorithms. This is at least true for my use cases.
> 
> Are root-CA self-signatures subject to the algorithm compatibility
> requirements on intermediate and leaf certificates?  I was under
> the impression that root-CA self-signatures were exempted from such
> a constraint.

Root CAs are not subject to any restrictions.  What I meant was that the same user (or more to the point - the same device) can have multiple certificates from multiple CAs for multiple applications. For example, the user’s employer might have a corporate portal with user certificates issued by the corporate CAs. Her employer may have also deployed an SSL VPN solution that uses its own bundled CA to issue certificates, and maybe the user’s bank also issues certificates (there were a few of those in the 90s and early 00s, but they have mostly given up on that).  

Choosing which of these certificates to use is easy - the CA DN is in the certificate request, and each portal asks for exactly one CA. 

If instead we lived in a world where client certificates were provided from commercial CAs, we would have trouble - perhaps the same CA issued both the bank certificates and the SSL VPN certificate. How would the browser know to send the correct identity? I don’t know the answer to this hypothetical question about a hypothetical problem in a hypothetical situation, but I’m pretty sure the answer is not to hope that the CA issues certificates with different algorithms.

Yoav

v2.23.0 | Report a Bug | By Email