Re: [TLS] signature algorithm ID re-use

Martin Thomson <martin.thomson@gmail.com> Tue, 04 July 2017 22:50 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 04 Jul 2017 15:50:28 -0700
Message-ID: <CABkgnnWZQwf03pDnPD1+8fpXx0dmni+vi3uz9TxLLx44ZLcu2A@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7pQ9kvCjE3QXgXY7ps-DPfGRV-g>
Subject: Re: [TLS] signature algorithm ID re-use

On 4 July 2017 at 07:43, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
> So my question is why not go for the simpler approach and create new
> identifiers for the new signature algorithms? (similarly to RSA-PSS).
> Is there an advantage of re-using the ECDSA signature algorithm
> identifiers to mean something different in TLS 1.3? Was there some
> discussion on the topic on the list?
This was fairly extensively litigated.  I remember Hannes asking
exactly the same question, but I forget which in-person meeting it
was.  It might have been IETF 97.

Unfortunately, any search I do on this subject turns up the hundreds
of emails on using signature algorithms for selecting certificates.

What I've found is that this isn't that difficult to implement
correctly, even across versions.  As David Benjamin suggested in
earlier emails, you can change to using a 16-bit codepoint in your
code.  Then you add a curve-matching restriction if the selected
version is TLS 1.3 (or greater).

The only issues we had were with the functions it uses to configure the
stack, but those are internal issues.
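The 16-bit-codepoint approach described above, written out as an added example that is not code from this thread or from any TLS implementation; the curve names, the `key_type` strings and the function names are this example's own assumptions, and the codepoint values are the RFC 5246 / RFC 8446 ones.

```python
# Added example (not from the thread or any TLS stack): one 16-bit SignatureScheme
# codepoint serves both versions; the curve match is only enforced once the
# negotiated version is TLS 1.3 or greater.

TLS12 = 0x0303
TLS13 = 0x0304

# RFC 5246 HashAlgorithm / SignatureAlgorithm values (TLS 1.2 sends them as a pair).
HASH_SHA256, HASH_SHA384, HASH_SHA512 = 4, 5, 6
SIG_RSA, SIG_ECDSA = 1, 3

# RFC 8446 SignatureScheme codepoints. The ECDSA ones are bit-identical to the
# TLS 1.2 (hash, ecdsa) pairs above, which is the re-use under discussion.
ECDSA_SECP256R1_SHA256 = 0x0403
ECDSA_SECP384R1_SHA384 = 0x0503
ECDSA_SECP521R1_SHA512 = 0x0603
RSA_PSS_RSAE = {0x0804, 0x0805, 0x0806}  # rsa_pss_rsae_sha256/384/512

# In TLS 1.3 the ECDSA codepoint also pins the curve of the signing key.
ECDSA_CURVE_FOR_SCHEME = {
    ECDSA_SECP256R1_SHA256: "secp256r1",
    ECDSA_SECP384R1_SHA384: "secp384r1",
    ECDSA_SECP521R1_SHA512: "secp521r1",
}

def codepoint_from_tls12_pair(hash_alg, sig_alg):
    """Fold a TLS 1.2 (hash, signature) byte pair into one 16-bit codepoint."""
    return (hash_alg << 8) | sig_alg

def scheme_usable(version, scheme, key_type, key_curve=None):
    """Can `scheme` sign a handshake message with this key at this version?"""
    if key_type == "ecdsa":
        if scheme not in ECDSA_CURVE_FOR_SCHEME:
            return False
        if version >= TLS13:
            # Curve-matching restriction: 0x0403 now means P-256 keys only.
            return ECDSA_CURVE_FOR_SCHEME[scheme] == key_curve
        return True  # TLS 1.2: the codepoint names only the hash; any curve works
    if key_type == "rsa":
        if scheme in RSA_PSS_RSAE:
            return True
        # rsa_pkcs1_* (hash, 1) is TLS 1.2 only; TLS 1.3 confines it to certificates.
        # This example accepts only SHA-2 hashes for PKCS#1 v1.5.
        return (version < TLS13 and (scheme & 0xFF) == SIG_RSA
                and (scheme >> 8) in (HASH_SHA256, HASH_SHA384, HASH_SHA512))
    return False

def select_scheme(version, peer_schemes, key_type, key_curve=None):
    """Pick the first peer-offered scheme this key may use, or None."""
    for scheme in peer_schemes:
        if scheme_usable(version, scheme, key_type, key_curve):
            return scheme
    return None
```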