Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Mon, 01 December 2014 09:33 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 181D01A1A19 for <tls@ietfa.amsl.com>; Mon, 1 Dec 2014 01:33:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6dlvkS1LnsxD for <tls@ietfa.amsl.com>; Mon, 1 Dec 2014 01:33:19 -0800 (PST)
Received: from emh04.mail.saunalahti.fi (emh04.mail.saunalahti.fi [62.142.5.110]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04B731A0145 for <tls@ietf.org>; Mon, 1 Dec 2014 01:33:19 -0800 (PST)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh04.mail.saunalahti.fi (Postfix) with ESMTP id 7971B1A2617; Mon, 1 Dec 2014 11:33:16 +0200 (EET)
Date: Mon, 01 Dec 2014 11:33:16 +0200
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Ryan Sleevi <ryan-ietftls@sleevi.com>
Message-ID: <20141201093316.GA4986@LK-Perkele-VII>
References: <9A043F3CF02CD34C8E74AC1594475C739B9F7A14@uxcn10-tdc05.UoA.auckland.ac.nz> <9FE323BF-2650-4EA3-9CBB-B46CF3A00298@pahtak.org> <CABkgnnV4JUoS3jV_vp4KV_xX-wdXa4ART7gtMd7BUZMapELRLw@mail.gmail.com> <6d8b33a4d2ed0a285450e3872bc155e7.squirrel@webmail.dreamhost.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <6d8b33a4d2ed0a285450e3872bc155e7.squirrel@webmail.dreamhost.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/AIFLWAMvvSmMN4PpMt7C-BFgSS8
Cc: Stephen Checkoway <s@pahtak.org>, tls@ietf.org
Subject: Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Dec 2014 09:33:21 -0000
On Mon, Dec 01, 2014 at 12:56:38AM -0800, Ryan Sleevi wrote: > > Plus, there are plenty of libraries where the ciphersuite implementation > is semi-independent of the certificate validation. > > Perhaps the largest deployment is Chrome, which uses a separate TLS > library (NSS, BoringSSL) than its PKI validation (OS APIs such as > CryptoAPI, Security.framework, or Android Keychain Services). You can > certainly have skew where the TLS client supports a modern suite of > algorithms, but the underlying platform does not. On Windows XP, this is > the SHA-2 family (pre-SP3) and ECDSA (pre-Vista), and on OS X, some > releases had some buggy ECDSA handling. > > There are also a number of embedded TLS stacks that provide the > cryptographic framework for TLS, but then defer to external components (or > hardware) for trust validation. > > I just mention these as real world cases where ciphersuites alone are > insufficient (although SignatureAndAlgorithms generally is... except where > it isn't) Plus, it is easier to implement just ECDH than ECDSA over given curve, so implementations that can do ECDH over curve X but not ECDSA over curve X (but can do ECDSA over some other curve) should not be surprising. This might especially be so for CFRG curves. Vice versa might also happen (can do ECDSA over X, but not ECDH over X). Also, the algorithm lists can't specify restrictions like that ECDSA P-256 only works with SHA-256 and P-384 only works with SHA-384 (because code to do P-256 with SHA-384 is buggy). -Ilari
- [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Nikos Mavrogiannopoulos
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Ryan Sleevi
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Ilari Liusvaara
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Jeffrey Walton
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex