Re: [TLS] Summary of discussion regarding spontaneuous authentication

Manuel Pégourié-Gonnard <mpg@polarssl.org> Wed, 22 October 2014 14:31 UTC

Message-ID: <5447BFA2.3030007@polarssl.org>
Date: Wed, 22 Oct 2014 16:30:58 +0200
From: Manuel Pégourié-Gonnard <mpg@polarssl.org>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, Martin Thomson <martin.thomson@gmail.com>
References: <CABkgnnUAhEV=wLZyTew=ne7VgSq50XYR3Fo5EfjNXc8=_hbpyg@mail.gmail.com> <CABkgnnXAk+HU2yaUJdOQ0w-heHwYrPK6Zf3HrH5tU+2Tk7_cCA@mail.gmail.com> <20141022125359.GA18704@LK-Perkele-VII> <CABkgnnW=aVzsi+cq=icpn4z9PjFuoiu_LQz_mnfeyPPom6LROQ@mail.gmail.com> <20141022132623.GA19894@LK-Perkele-VII>
In-Reply-To: <20141022132623.GA19894@LK-Perkele-VII>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/EaKCwXG9hUqgoAF9Bb2WM-ZftPU
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication

On 22/10/2014 15:26, Ilari Liusvaara wrote:
> The relevant values of certificate_types look to be:
> - rsa_sign (RSA signature)
> - dss_sign (DSA signature)
> - ecdsa_sign (ECDSA signature)
> 
I think the point is, a client is actually quite unlikely to have many
certificates for the same server, distinguished only by the key type, so that
this information is generally not useful at all for certificate selection.

> Especially supported_signature_algorithms looks to belong to TLS
> layer (and also arguably certificate_types).
> 
Same as above.

Manuel.