Re: [TLS] regd. signature algorithm 0x0804 (rsa_pss_rsae_sha256) use in TLSv1.2 CertificateVerify

David Benjamin <davidben@chromium.org> Tue, 20 November 2018 18:07 UTC

From: David Benjamin <davidben@chromium.org>
Date: Tue, 20 Nov 2018 12:07:39 -0600
Message-ID: <CAF8qwaByvv51SrKdxVwjfecGvtSEvfpqqdWur8Rsdig7P8Jh2g@mail.gmail.com>
To: M K Saravanan <mksarav@gmail.com>
Cc: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/8b0HOH72ktNUHuZJMr-2WvN7XF8>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

Yes, this is correct.

On Tue, Nov 20, 2018 at 10:35 AM M K Saravanan <mksarav@gmail.com> wrote:

> Hi,
>
> RFC8446:
> =================================================
> 4.2.3.  Signature Algorithms
>
> [...]
> -  Implementations that advertise support for RSASSA-PSS (which is
>       mandatory in TLS 1.3) MUST be prepared to accept a signature using
>       that scheme even when TLS 1.2 is negotiated.  In TLS 1.2,
>       RSASSA-PSS is used with RSA cipher suites.
>
> =================================================
>
> The above paragraph gives me an impression that, in TLSv1.2, if
> CertificateRequest message advertises 0x0804, then the client can sign
> the CertificateVerify message with 0x0804 if client cert is RSA.
>
> 0x0804 = rsa_pss_rsae_sha256
>
> Can someone please confirm whether my understanding is correct?
>
> with regards,
> Saravanan
>
> On Wed, 21 Nov 2018 at 00:27, M K Saravanan <mksarav@gmail.com> wrote:
> >
> > Hi,
> >
> > If a TLSv1.2 Certificate Request message contains 0x0804
> > (rsa_pss_rsae_sha256) as one of the supported signature algorithms,
> > can a client sign the CertificateVerify message using that algorithm?
> > (client cert is RSA).  Is it allowed in TLSv1.2?
> >
> > with regards,
> > Saravanan
>
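The selection confirmed in this thread, as an added example that is not part of the original messages: it parses `supported_signature_algorithms` out of a TLS 1.2 CertificateRequest body and picks the scheme a client with an RSA certificate may use for CertificateVerify. The function names, the key-type labels and the sample bytes are assumptions made for illustration; the codepoints are those of RFC 8446 section 4.2.3.

```python
import struct

# SignatureScheme codepoints (RFC 8446, section 4.2.3).
RSA_PKCS1 = (0x0401, 0x0501, 0x0601)      # rsa_pkcs1_sha256/384/512
RSA_PSS_RSAE = (0x0804, 0x0805, 0x0806)   # rsa_pss_rsae_sha256/384/512
RSA_PSS_PSS = (0x0809, 0x080A, 0x080B)    # rsa_pss_pss_sha256/384/512

# Which schemes each certificate key type can sign with.
# "rsaEncryption" / "RSASSA-PSS" are labels chosen for this example.
ELIGIBLE = {
    "rsaEncryption": RSA_PSS_RSAE + RSA_PKCS1,
    "RSASSA-PSS": RSA_PSS_PSS,
}

def parse_certificate_request_tls12(body: bytes) -> list:
    """Return supported_signature_algorithms from a TLS 1.2
    CertificateRequest body (RFC 5246, section 7.4.4)."""
    if len(body) < 1:
        raise ValueError("empty CertificateRequest")
    off = 1 + body[0]                      # skip certificate_types<1..2^8-1>
    if off + 2 > len(body):
        raise ValueError("truncated before supported_signature_algorithms")
    (sig_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if sig_len < 2 or sig_len % 2 or off + sig_len > len(body):
        raise ValueError("malformed supported_signature_algorithms")
    return [struct.unpack_from("!H", body, off + i)[0]
            for i in range(0, sig_len, 2)]

def choose_certificate_verify_scheme(advertised, key_type, prefs=None):
    """Pick the first locally preferred scheme that the server advertised
    and that the client's key type can produce; None if there is none."""
    candidates = prefs if prefs is not None else ELIGIBLE[key_type]
    for scheme in candidates:
        if scheme in ELIGIBLE[key_type] and scheme in advertised:
            return scheme
    return None

# Constructed sample: certificate_types = {rsa_sign(1), ecdsa_sign(64)},
# supported_signature_algorithms = {0x0403, 0x0804, 0x0401}, no CA names.
SAMPLE_BODY = bytes([2, 1, 64]) + b"\x00\x06\x04\x03\x08\x04\x04\x01" + b"\x00\x00"

if __name__ == "__main__":
    algs = parse_certificate_request_tls12(SAMPLE_BODY)
    picked = choose_certificate_verify_scheme(algs, "rsaEncryption")
    print([hex(a) for a in algs], "->", hex(picked))
```

A client holding an RSASSA-PSS (not rsaEncryption) key gets `None` here, because the constructed request advertises no `rsa_pss_pss_*` scheme.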