Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 with DSA client
Nikos Mavrogiannopoulos <nmav@gnutls.org> Sat, 19 February 2011 08:56 UTC
Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8E7363A6E93 for <tls@core3.amsl.com>; Sat, 19 Feb 2011 00:56:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.724
X-Spam-Level:
X-Spam-Status: No, score=-3.724 tagged_above=-999 required=5 tests=[AWL=-0.125, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zANRJdtEkXV1 for <tls@core3.amsl.com>; Sat, 19 Feb 2011 00:56:29 -0800 (PST)
Received: from mail-ew0-f44.google.com (mail-ew0-f44.google.com [209.85.215.44]) by core3.amsl.com (Postfix) with ESMTP id 82D253A6DB5 for <tls@ietf.org>; Sat, 19 Feb 2011 00:56:29 -0800 (PST)
Received: by ewy8 with SMTP id 8so2053589ewy.31 for <tls@ietf.org>; Sat, 19 Feb 2011 00:57:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:message-id:date:from:user-agent :mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=1TJPHZRB90+8IjECAwqBi0wpReDrPoeZVWvmwu8ye58=; b=GaPQvhIHYSMpBU90oGIWgJ5dPZwiWt2wTJUSlu7+MPsdyzRveD1V2t3MAqZH3g2U23 M2y1gKUUhzbkKhkj7dFB+kPqfingEKVjbaFvMhu0POnQfuGCh4NfoAWe6wGrFUxpx4Bz ZICQNdGTkAkKWDsdIGaYEwt5E9DjwxKwxjDQs=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=e+ryp4sJ6pWSPgdk4seIcXny0DBtyfXlItanoxoLInqLnop3GEBFarjyp5jWtbDxQ1 PNXgEbSTrVbH5EBbIi85glw5TyHYAbUJPOG3HGNbzz2C/kcbWkl+Am+SmA9Xqf+eQt8g nfdoD9SpEQj3xn977RNIvFZ7QgZaRzzyqbBe4=
Received: by 10.213.109.199 with SMTP id k7mr2023444ebp.96.1298105824317; Sat, 19 Feb 2011 00:57:04 -0800 (PST)
Received: from [10.100.2.14] (78-23-65-69.access.telenet.be [78.23.65.69]) by mx.google.com with ESMTPS id t5sm2684709eeh.20.2011.02.19.00.57.02 (version=SSLv3 cipher=OTHER); Sat, 19 Feb 2011 00:57:03 -0800 (PST)
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <4D5F85DE.4040106@gnutls.org>
Date: Sat, 19 Feb 2011 09:57:02 +0100
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101208 Thunderbird/3.1.7
MIME-Version: 1.0
To: Michael D'Errico <mike-list@pobox.com>
References: <201102181928.p1IJSThD006475@fs4113.wdf.sap.corp> <7B07CE79-74A3-4CED-90E9-5910E67E90C7@iki.fi> <4D5F17B1.9030608@pobox.com>
In-Reply-To: <4D5F17B1.9030608@pobox.com>
X-Enigmail-Version: 1.1.2
OpenPGP: id=96865171
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 with DSA client
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Feb 2011 08:56:30 -0000
On 02/19/2011 02:06 AM, Michael D'Errico wrote: > The point of the signature_algorithms extension is to permit a graceful > upgrade of server certificates to using better than SHA-1 hash functions. > You couldn't just suddenly switch your server cert to one signed with > RSA/SHA-256 and expect every client to cope. It would certainly cause > problems for some. > To benefit from the extension, you would need to have two concurrent > server certificates: one signed with RSA/SHA-1, and another signed with > RSA/SHA-256. Then based on the signature algorithms presented by the > client, your TLS code would choose the best one. It's pretty bad that a single extension is being used for two distinct use-cases[0]. The use cases are: * Negotiate which signature algorithms to use for Server Key Exchange, and Certificate Verify messages. * Specify the signature algorithms allowed by a certificate sent by the server. There is no reason to assume that these are related. The first use-case applies to the server and client since they are the ones doing the signing. On this use case a reply to this extension with the selected algorithm is required to avoid caching all messages up to the point of signing. The latter use-case is relevant to the client only, and says, I don't accept a certificate that is not signed with any of these algorithms. The server however obtains his certificate already signed through a 3rd party (a CA), so there is little to do in the general case. This use-case does not require a reply to the extension from the server. I think that those extensions could be split into two to account for the different use-cases. regards, Nikos [0]. What if I have a security module doing TLS that supports only RSA-SHA256 for signatures, but I have no restriction for the verification of the certificates since this is done outside of the module?
- [TLS] TLSv1.2 with DSA client cert and key size >… Martin Rex
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Wan-Teh Chang
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Martin Rex
- [TLS] TLS v1.2 performance (was Re: TLSv1.2 with … Michael D'Errico
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Nikos Mavrogiannopoulos
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Dr Stephen Henson
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Martin Rex
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Dr Stephen Henson
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Martin Rex
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Kemp, David P.
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Wan-Teh Chang
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Yoav Nir
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Eric Rescorla
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Eric Rescorla
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Eric Rescorla
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Juho Vähä-Herttua
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Marsh Ray
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Juho Vähä-Herttua
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Juho Vähä-Herttua
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Kyle Hamilton
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Matt DeMoss
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Geoffrey Keating
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Geoffrey Keating
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Matt DeMoss
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Geoffrey Keating
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Sean Turner
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Martin Rex