Re: [TLS] Signature Algorithms

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 18 March 2015 03:07 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: "Mehner, Carl" <Carl.Mehner@usaa.com>, Eric Rescorla <ekr@rtfm.com>, Dave Garrett <davemgarrett@gmail.com>
In-Reply-To: <19075EB00EA7FE49AFF87E5818D673D411463AF8@PRODEXMB01W.eagle.usaa.com>
References: <19075EB00EA7FE49AFF87E5818D673D41145FB0C@PRODEXMB01W.eagle.usaa.com> <201503171341.40315.davemgarrett@gmail.com> <CABcZeBNoVPi-8peRsdjksew0XDv=DnBnrqupk3zWoe+WVHXwSA@mail.gmail.com> <19075EB00EA7FE49AFF87E5818D673D411463AF8@PRODEXMB01W.eagle.usaa.com>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Tue, 17 Mar 2015 23:07:07 -0400
Message-ID: <87fv93knqc.fsf@alice.fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/B-fCykA2LPPrrBvyGOpeIQEWZGc>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Signature Algorithms

On Tue 2015-03-17 14:10:25 -0400, Mehner, Carl wrote:
> I’m not arguing for TLS 1.3 to drop support for SHA-1 (that’s up to
> the client configurer), I’m arguing for the TLS signature algorithms
> extension to not specify the signature of a root. This same argument
> applies for MD5 roots with long term SHA-1 end-entity certs.

The signature algorithm used in the self-signature of a root certificate
shouldn't be relevant anywhere.  The root is either already trusted by
the peer (or identified via DANE-TA, in which case the digest
restrictions belong in DANE), or it is not.

TLS peers should never reject root certs on the grounds of the digest
algorithm within the root cert itself.

          --dkg
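As an added illustration (not part of the thread, and not anyone's real implementation), here is a small Python model of the policy dkg describes: the peer applies its signature_algorithms to the signatures it actually verifies, and stops walking the chain once it reaches a trust anchor, so the root's self-signature is never consulted. The Cert class, the names and the chains are constructed sample data; the algorithm strings follow the TLS 1.3 SignatureScheme naming.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set


# Constructed model, not real X.509 parsing.  sig_alg is the algorithm of the
# signature carried ON this cert, i.e. the one made with the issuer's key.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_alg: str


def verified_sig_algs(chain: Iterable[Cert], anchors: Set[str]) -> Optional[List[str]]:
    """Algorithms of the signatures a relying party actually verifies for
    `chain` (end-entity first).  The walk stops as soon as a cert's issuer is
    a trust anchor: the anchor's key verifies that cert, but the anchor's own
    self-signature is never checked, so its algorithm is never reported.
    Returns None when the chain never reaches a trust anchor."""
    algs: List[str] = []
    for cert in chain:
        if cert.subject in anchors:
            return algs                # the cert itself is trusted: nothing to verify
        algs.append(cert.sig_alg)      # this signature will be verified
        if cert.issuer in anchors:
            return algs                # issued by an anchor: stop here
        if cert.issuer == cert.subject:
            return None                # self-signed but untrusted: dead end
    return None                        # ran out of certs before any anchor


def chain_acceptable(chain, anchors, signature_algorithms) -> bool:
    """Apply signature_algorithms only to the signatures the peer verifies."""
    algs = verified_sig_algs(chain, anchors)
    return algs is not None and all(a in signature_algorithms for a in algs)


def naive_chain_acceptable(chain, anchors, signature_algorithms) -> bool:
    """The behaviour argued against above: inspect every cert the server sent,
    including the trust anchor's own self-signature."""
    if verified_sig_algs(chain, anchors) is None:
        return False
    return all(c.sig_alg in signature_algorithms for c in chain)


# Constructed sample: a SHA-1 self-signed root with a SHA-256 end-entity cert.
ROOT = Cert("Example Root", "Example Root", "rsa_pkcs1_sha1")
INTER = Cert("Example CA 1", "Example Root", "rsa_pkcs1_sha1")
EE_FROM_ROOT = Cert("www.example.com", "Example Root", "rsa_pkcs1_sha256")
EE_FROM_INTER = Cert("www.example.com", "Example CA 1", "rsa_pkcs1_sha256")
ANCHORS = {"Example Root"}
SHA256_ONLY = {"rsa_pkcs1_sha256", "ecdsa_secp256r1_sha256"}
```

With SHA256_ONLY as the peer's signature_algorithms, chain_acceptable accepts [EE_FROM_ROOT, ROOT] while naive_chain_acceptable rejects it solely because of the root's SHA-1 self-signature; a SHA-1 intermediate, whose signature really is verified, is rejected by both.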