[TLS] Mail regarding draft-ietf-tls-rfc4346-bis
Urmas Vanem <urmas.vanem@octox.eu> Thu, 21 March 2019 11:16 UTC
Return-Path: <urmas.vanem@octox.eu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A97C0130FCF for <tls@ietfa.amsl.com>; Thu, 21 Mar 2019 04:16:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=octoxplc.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i0vAcQtILDMt for <tls@ietfa.amsl.com>; Thu, 21 Mar 2019 04:16:20 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70123.outbound.protection.outlook.com [40.107.7.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9334F130F6A for <tls@ietf.org>; Thu, 21 Mar 2019 04:16:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=OctoXPLC.onmicrosoft.com; s=selector1-octox-eu; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qmjmcFpmUKRt1aQOqw/1CxyS6gSR7uJyg4/T5Fmx++w=; b=IAa5ZEhvjJlUQVYGAUq7KeQkGOGG4EgH8FIxcU4i2ho0bzpD/R9CQKXfLLub9IbQBEIq+lt4GItD/3DFVae//UgA8lB5Nym8vZRwrdQsDi3rp03SD31QSukuFCJPb4/XGTtYCBIvG73QLjAuCKoo78OSlDpkyLad518Bqg1ZPEI=
Received: from VI1PR0101MB2336.eurprd01.prod.exchangelabs.com (10.168.61.10) by VI1PR0101MB2351.eurprd01.prod.exchangelabs.com (10.168.61.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1709.14; Thu, 21 Mar 2019 11:16:08 +0000
Received: from VI1PR0101MB2336.eurprd01.prod.exchangelabs.com ([fe80::1915:a32:285d:8a05]) by VI1PR0101MB2336.eurprd01.prod.exchangelabs.com ([fe80::1915:a32:285d:8a05%2]) with mapi id 15.20.1730.013; Thu, 21 Mar 2019 11:16:08 +0000
From: Urmas Vanem <urmas.vanem@octox.eu>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: Mail regarding draft-ietf-tls-rfc4346-bis
Thread-Index: AdTf1Fh6CDpnJizlQeWXTznUUocPGQ==
Date: Thu, 21 Mar 2019 11:16:08 +0000
Message-ID: <VI1PR0101MB2336F08960C01C00F628D1E58C420@VI1PR0101MB2336.eurprd01.prod.exchangelabs.com>
Accept-Language: et-EE, en-US
Content-Language: et-EE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=urmas.vanem@octox.eu;
x-originating-ip: [88.196.135.57]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a4d83dca-d035-4e65-e979-08d6adee9dd5
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(7168020)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:VI1PR0101MB2351;
x-ms-traffictypediagnostic: VI1PR0101MB2351:
x-microsoft-antispam-prvs: <VI1PR0101MB2351F2E704FB1D76C76640418C420@VI1PR0101MB2351.eurprd01.prod.exchangelabs.com>
x-forefront-prvs: 0983EAD6B2
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39830400003)(396003)(136003)(376002)(366004)(346002)(199004)(189003)(105586002)(81166006)(25786009)(476003)(106356001)(74482002)(1730700003)(508600001)(54896002)(52536014)(6506007)(66066001)(7696005)(5660300002)(81156014)(53936002)(26005)(8936002)(14444005)(9686003)(6306002)(2351001)(68736007)(86362001)(55016002)(2906002)(71190400001)(71200400001)(2501003)(99286004)(3846002)(6916009)(33656002)(6116002)(790700001)(316002)(186003)(8676002)(256004)(486006)(14454004)(7736002)(102836004)(6436002)(55236004)(5640700003)(74316002)(97736004)(44832011)(66574012); DIR:OUT; SFP:1102; SCL:1; SRVR:VI1PR0101MB2351; H:VI1PR0101MB2336.eurprd01.prod.exchangelabs.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:3;
received-spf: None (protection.outlook.com: octox.eu does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: PCUWJBLxQ9LvS4zUbA/vFCCnskl1xBL4fm/hQQ5ltyOkye+VI8hq09ZMRGeZ0Ner/iLOaqtBevVbR2eqc6A+3F08HnHt/B6enbxH/TGWXiFW5UNbIcQjVdcAXiOeyY5gWZ2EUTcbF6Evqf+Sk9uTJoesrLdBgkiqA7mJcs/mbNPagJvpdTXtMUzAxQJOfQQEU9+M2JaKJM/hz8c9g6HC3cBxFaCTVnjhYjcjir1MIHviGN7pw+a5Im7Wy9CgHMqsMqmtZzfRwAdwIECT9ZT/Kt05K+a0xczU60bpg2bv6vo0VzcfpKUd31GlGbhcceEne0GU5lXz/M1+kGgiZNh9+W2H5R3D/+StEauSdDgfIA3zUPIyzRxJbw+JEwXGngei5scavRCZ1IvyEdIEXIoSo82u0tOlN0Rlhjme/RDLgfg=
Content-Type: multipart/alternative; boundary="_000_VI1PR0101MB2336F08960C01C00F628D1E58C420VI1PR0101MB2336_"
MIME-Version: 1.0
X-OriginatorOrg: octox.eu
X-MS-Exchange-CrossTenant-Network-Message-Id: a4d83dca-d035-4e65-e979-08d6adee9dd5
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Mar 2019 11:16:08.0246 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: dafc6255-bb50-469d-8077-e6d07ec10d7b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0101MB2351
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/gnWi6_Hb6PxtVYPHZmMyl_9XSrY>
X-Mailman-Approved-At: Thu, 21 Mar 2019 21:22:20 -0700
Subject: [TLS] Mail regarding draft-ietf-tls-rfc4346-bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Mar 2019 11:24:07 -0000
Hi! I try to find authoritative explanation for some aspects in RFC 5246 (TLS 1.2). I hope this is right place to ask. Background: Company A has client/browser and company B has web server. Server has certificate and it also requires certificate from client. Client do not advertise signature_algorithm ECDSA/SHA512 in its client hello. Server supports signature_algorithm ECDSA/SHA512 by default, but it does not send it to client with certificate request message because it is not advertised in client hello! (Communication fails.) * Company B says that this is correct implementation for RFC 5246 - only common signature algorithms for both parties must be included in signature_algorithms extension in certificate request message! * Company A says that in correct implementation of RFC 5246 all signature_algorithms supported by server must be included in certificate request message (and client hello has nothing to do with certificate request message)! Can you please share your opinion/understanding with me? Or lead me to right direction? Thanks! Urmas
- [TLS] Mail regarding draft-ietf-tls-rfc4346-bis Urmas Vanem
- Re: [TLS] Mail regarding draft-ietf-tls-rfc4346-b… Eric Rescorla
- Re: [TLS] Mail regarding draft-ietf-tls-rfc4346-b… Hubert Kario