[TLS] Signature Algorithms
"Mehner, Carl" <Carl.Mehner@usaa.com> Sun, 15 March 2015 03:40 UTC
Return-Path: <prvs=0516c84b05=carl.mehner@usaa.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 604E21A0AF1 for <tls@ietfa.amsl.com>; Sat, 14 Mar 2015 20:40:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.011
X-Spam-Level:
X-Spam-Status: No, score=-7.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bvpEEO_IY6j9 for <tls@ietfa.amsl.com>; Sat, 14 Mar 2015 20:40:44 -0700 (PDT)
Received: from prodomx02.usaa.com (prodomx02.usaa.com [167.24.25.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44CFA1A03A9 for <tls@ietf.org>; Sat, 14 Mar 2015 20:40:43 -0700 (PDT)
Received: from pps.filterd (prodomx02.usaa.com [127.0.0.1]) by prodomx02.usaa.com (8.14.7/8.14.7) with SMTP id t2F3ZtPm028691; Sat, 14 Mar 2015 22:40:42 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=usaa.com; h=from : to : cc : subject : date : message-id : content-type : content-transfer-encoding : mime-version; s=201408; bh=Wr1ibySFVHIvHtyUXlDYiqmrNSgP1irhYUW9uGHaeWQ=; b=WeUgukt1WJaYhUwed4pkcQIxoYi1OKsD1vRgGJHUTI8/UFaRSq1Mb1w7kuRzjh0MZFsW ByHzkVeEMiXRaydZ08bdyI51WmpYxtRS0pU1X4zuQRJl0L4L/vPCjEymEwPl/H2bFtX2 CGlUr5eL1tqoWjWO+Ju3TKMuyrSUwVsX0jZUwpJGu3dtj/Js3OAt0PP0yxBOaYcHQUJS kjoDGB19tArUoWa3BVW2plS764BjJNruyisgHRk414al22QZOwn6/WpSf0ypET+zqc2Y 8L4FWuO7stBMRIxaRsGwcpQru+aLuSGGpJUErNn/dVeI8JCyBE+4Pfjg+fPC5SlJ7aU6 KQ==
Received: from prodexch06w.eagle.usaa.com (prodexch06w.usaa.com [10.170.40.22]) by prodomx02.usaa.com with ESMTP id 1t36ba7ndd-1; Sat, 14 Mar 2015 22:40:41 -0500
Received: from PRODEXCH01W.eagle.usaa.com (10.70.41.151) by PRODEXCH06W.eagle.usaa.com (10.170.40.22) with Microsoft SMTP Server (TLS) id 14.3.158.1; Sat, 14 Mar 2015 22:40:41 -0500
Received: from PRODEXMB01W.eagle.usaa.com ([169.254.1.159]) by PRODEXCH01W.eagle.usaa.com ([10.70.41.151]) with mapi id 14.03.0158.001; Sat, 14 Mar 2015 22:40:41 -0500
From: "Mehner, Carl" <Carl.Mehner@usaa.com>
To: Eric Rescorla <ekr@rtfm.com>
Thread-Topic: Signature Algorithms
Thread-Index: AQHQXmX8asKK2lJ1wUKslyiYez0tCg==
Date: Sun, 15 Mar 2015 03:40:38 +0000
Message-ID: <19075EB00EA7FE49AFF87E5818D673D41145FB0C@PRODEXMB01W.eagle.usaa.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [104.191.4.19]
x-c2processedorg: b8bcc573-fb52-4e08-924e-ca559c360d81
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Direction: FromExch
X-Proofpoint-Direction: Internet
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.13.68, 1.0.33, 0.0.0000 definitions=2015-03-14_02:2015-03-13,2015-03-14,1970-01-01 signatures=0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/89oGCLUuToqIJKaJ0A63CFbGII0>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] Signature Algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Mar 2015 03:40:46 -0000
>I believe we are going to remove this entire field and its associated >code points because it is redundant with the signature algorithms. sounds good. Speaking of Signature Algorithms, what do you think of this? Since root certificates are trusted by their identity rather than the signature I think that amendments to the text in the Server Certificates and Certificate Request sections are necessary. As we move into a world that lacks trusted SHA-1 signatures, a change in the text would be necessary in order for clients that drop SHA-1 from the supported hash algorithms to continue to connect to servers that send a certificate_list that includes roots signed with SHA-1. This has been an issue recently with a browser that did not include the MD2 signature algorithm in this client extension. When it encountered a certificate that sends the root in the certificate_list, the client closes the connection (likely before evaluating if there was an alternate trusted chain). I can see this being an issue in the future with the SHA-1 2048-bit roots. In the Server Certificates section: OLD: If the client provided a "signature_algorithms" extension, then all certificates provided by the server MUST be signed by a hash/signature algorithm pair that appears in that extension. Note that this implies that a certificate containing a key for one signature algorithm MAY be signed using a different signature algorithm (for instance, an RSA key signed with a DSA key). This is a departure from TLS 1.1, which required that the algorithms be the same. NEW: If the client provided a "signature_algorithms" extension, then all certificates provided by the server, except for the self-signed root CA certificate, MUST be signed by a hash/signature algorithm pair that appears in that extension. Note that this implies that a certificate containing a key for one signature algorithm MAY be signed using a different signature algorithm (for instance, an RSA key signed with a DSA key). This is a departure from TLS 1.2, which required that all provided certificate signature algorithms be included in the client extension regardless of whether or not they were evaluated. Likewise in the Certificate Request section, OLD: - Any certificates provided by the client MUST be signed using a hash/signature algorithm pair found in supported_signature_algorithms. NEW: - Any certificates provided by the client, except for the self-signed root CA certificate, MUST be signed using a hash/signature algorithm pair found in supported_signature_algorithms.
- [TLS] Signature Algorithms Mehner, Carl
- Re: [TLS] Signature Algorithms Eric Rescorla
- Re: [TLS] EXTERNAL: Re: Signature Algorithms Mehner, Carl
- Re: [TLS] Signature Algorithms Dave Garrett
- Re: [TLS] Signature Algorithms Hubert Kario
- Re: [TLS] Signature Algorithms Viktor Dukhovni
- Re: [TLS] Signature Algorithms Viktor Dukhovni
- Re: [TLS] Signature Algorithms Dave Garrett
- Re: [TLS] Signature Algorithms Viktor Dukhovni
- Re: [TLS] Signature Algorithms Mehner, Carl
- Re: [TLS] Signature Algorithms Daniel Kahn Gillmor