Re: [TLS] BoringSSL's TLS test suite

Adam Langley <agl@imperialviolet.org> Sun, 25 September 2016 21:49 UTC

On Sun, Sep 25, 2016 at 2:35 PM, Henrick Hellström <henrick@streamsec.se> wrote:
> Then again, the ASN.1 module in https://datatracker.ietf.org/doc/rfc5280/
> says differently. Strictly speaking, RFC 3279 does not override the PKIX
> specification when it comes to X.509 certificates; only for formats such as
> RSA PUBLIC KEY that rely solely on the ASN.1 module in RFC 3279.

To answer your original question then, this is intentional.

While there are certainly differences of opinion about the
applicability of Postel's law in this space, in practical terms
requiring a NULL in this location empirically has very good
compatibility and we don't like adding flexibility without good
reason.


Cheers

AGL

-- 
Adam Langley agl@imperialviolet.org https://www.imperialviolet.org