Re: [TLS] DSS with other than SHA-1 algorithms
Peter Gutmann <pgut001@cs.auckland.ac.nz> Fri, 29 April 2011 12:10 UTC
Return-Path: <pgut001@login01.cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 172E3E071D for <tls@ietfa.amsl.com>; Fri, 29 Apr 2011 05:10:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.499
X-Spam-Level:
X-Spam-Status: No, score=-3.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4VqQghSsK8AX for <tls@ietfa.amsl.com>; Fri, 29 Apr 2011 05:10:42 -0700 (PDT)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by ietfa.amsl.com (Postfix) with ESMTP id C5628E06C0 for <tls@ietf.org>; Fri, 29 Apr 2011 05:10:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1304079042; x=1335615042; h=from:to:subject:cc:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20juhovh@iki.fi,=20pgut001@cs.auckland.ac.nz |Subject:=20Re:=20[TLS]=20DSS=20with=20other=20than=20SHA -1=20algorithms|Cc:=20tls@ietf.org|In-Reply-To:=20<4DB7EB E7.8020705@iki.fi>|Message-Id:=20<E1QFmWo-0000Js-7O@login 01.fos.auckland.ac.nz>|Date:=20Sat,=2030=20Apr=202011=200 0:10:34=20+1200; bh=pX+Ck8WcLddKh1yEe//PE8LK61+4ncE8iFAqtxz2pEM=; b=Yr8MNwOmKI1t7LMliEBi/qXmwWzJWMcQgNiCKgKPoORMnRFdLVVCGs+b ALMl3EElwC+MzCk8mPPQ4UPi5DhgJmi6dFWzBVi0I4qhmWn1zjV6HYWyA jumZip0ptDEh9i1vR/CPcBRySHRIl4jUGxoVN9+0ohG+t0DP1hEpSaN3y k=;
X-IronPort-AV: E=Sophos;i="4.64,287,1301832000"; d="scan'208";a="59079326"
X-Ironport-HAT: APP-SERVERS - $RELAYED
X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing
Received: from mf1.fos.auckland.ac.nz ([130.216.33.150]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 30 Apr 2011 00:10:34 +1200
Received: from login01.fos.auckland.ac.nz ([130.216.34.40]) by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1QFmWo-00072H-H0; Sat, 30 Apr 2011 00:10:34 +1200
Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1QFmWo-0000Js-7O; Sat, 30 Apr 2011 00:10:34 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: juhovh@iki.fi, pgut001@cs.auckland.ac.nz
In-Reply-To: <4DB7EBE7.8020705@iki.fi>
Message-Id: <E1QFmWo-0000Js-7O@login01.fos.auckland.ac.nz>
Date: Sat, 30 Apr 2011 00:10:34 +1200
Cc: tls@ietf.org
Subject: Re: [TLS] DSS with other than SHA-1 algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Apr 2011 12:10:46 -0000
=?ISO-8859-1?Q?Juho_V=E4h=E4-Herttua?= <juhovh@iki.fi> writes: >So every client sending a ClientHello SHOULD append the Supported Elliptic >Curves extension in ClientHello itself and therefore the selected curve >should be clear immediately after receiving the complete ServerHello >including ServerKeyExchange. Hmm, I'll try and explain this again... consider how the parts of the Client Hello are processed. For standard suites the server iterates through a list of suites and selects the most cromulent one. In my case I just have a list of suite IDs and parameters sorted in order of preference and select the lowest-ranked suite I find, I assume most implementations do something more or less similar. For the Chinese-menu suites, the server finds a Chinese menu selector and then has to skip the remaining suites and other parts of the hello and process the extensions to see whether what's in there matches up with that the Chinese- menu selector requested. For example if the Chinese menu said TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 but the supported-curves says P256 then you have to either hope the other side does the special-case X9.62 handling for hash truncation and gets it right (and I've never been able to find anything that does this to test mine against so who knows whether anything does do it, and does get it right), or not take the gamble and go back to the cipher suites and look for another Chinese-menu option, and then skip the rest of the hello and process the extension again to see if things work out now, and if that doesn't work either then go back ... In practice, with the servers I tried, it was hard enough just trying to figure out which basic combinations they supported (the usual response was a dropped connection or aborted handshake, so I had to use trial-and-error probing, and with some servers I never did figure out how to do more than one or two basic combinations), and I never got to the point of being able to interop test any of the more exotic combinations like e.g. hash truncation. So the sole purpose of this RFC is to try and indentify the common combinations of parameters that everyone seems to implement anyway and list them as conventional cipher suites, with no further parameterisation required. The intent is to try and document what everyone's doing already anyway. Peter.
- [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Dr Stephen Henson
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Hovav Shacham
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Simon Josefsson
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Geoffrey Keating
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Daniel Kahn Gillmor
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Jack Lloyd
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Paul Hoffman
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann