Re: [TLS] Enforcing stronger server side signature/hash combinations in TLS 1.2
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 24 March 2017 01:29 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D6CC129BDB for <tls@ietfa.amsl.com>; Thu, 23 Mar 2017 18:29:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzRTDDJ0juIF for <tls@ietfa.amsl.com>; Thu, 23 Mar 2017 18:29:57 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BE71129B10 for <tls@ietf.org>; Thu, 23 Mar 2017 18:29:57 -0700 (PDT)
Received: from vpro.lan (cpe-74-71-8-253.nyc.res.rr.com [74.71.8.253]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id B93247A32F1 for <tls@ietf.org>; Fri, 24 Mar 2017 01:29:56 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <1490317199552.71745@cs.auckland.ac.nz>
Date: Thu, 23 Mar 2017 21:29:55 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: TLS WG <tls@ietf.org>
Message-Id: <52C6D0EF-D6AC-484A-9096-BDAE5C870F82@dukhovni.org>
References: <E6C9F0E527F94F4692731382340B337846DD1B@DENBGAT9EH2MSX.ww902.siemens.net> <1490317199552.71745@cs.auckland.ac.nz>
To: TLS WG <tls@ietf.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/F13NTGTTBpBvOeDG9Z5TNyGe2fM>
Subject: Re: [TLS] Enforcing stronger server side signature/hash combinations in TLS 1.2
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2017 01:30:00 -0000
> On Mar 23, 2017, at 9:00 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote: > > See several previous discussions on the rationale behind > this (hmm, if you can find them :-). See, for example, the thread that contains: https://www.ietf.org/mail-archive/web/tls/current/msg17977.html I chose that message because it was easy to find. This particular topic has been a bit of a focus of mine on this list, so searching for my posts with a few of the related keywords pretty quickly messages on this topic. Given that TLS is opportunistic in SMTP, I strive to find ways to achieve as much as security as one can get and not end up with less by dogmatically insisting on more than is possible. Hence RFC7435, and more recently the dose of pragmatism that made it possible to convince the group to avoid repeating the error in the TLS 1.3 spec. The net effect is that in practice you simply ignore the signature algorithms when it comes to the certificate chain. I've never seen a TLS server that has multiple chains to choose from for the same server identity. This applies also to TLS 1.2, despite RFC 5246. -- Viktor.
- [TLS] Enforcing stronger server side signature/ha… Fries, Steffen
- Re: [TLS] Enforcing stronger server side signatur… Viktor Dukhovni
- Re: [TLS] Enforcing stronger server side signatur… Eric Rescorla
- Re: [TLS] Enforcing stronger server side signatur… Fries, Steffen
- Re: [TLS] Enforcing stronger server side signatur… Fries, Steffen
- Re: [TLS] Enforcing stronger server side signatur… Martin Rex
- Re: [TLS] Enforcing stronger server side signatur… Andrei Popov
- Re: [TLS] Enforcing stronger server side signatur… Eric Rescorla
- Re: [TLS] Enforcing stronger server side signatur… Eric Rescorla
- Re: [TLS] Enforcing stronger server side signatur… Andrei Popov
- Re: [TLS] Enforcing stronger server side signatur… Martin Rex
- Re: [TLS] Enforcing stronger server side signatur… Eric Rescorla
- Re: [TLS] Enforcing stronger server side signatur… Eric Rescorla
- Re: [TLS] Enforcing stronger server side signatur… Peter Gutmann
- Re: [TLS] Enforcing stronger server side signatur… Peter Gutmann
- Re: [TLS] Enforcing stronger server side signatur… Viktor Dukhovni
- Re: [TLS] Enforcing stronger server side signatur… Martin Thomson
- Re: [TLS] Enforcing stronger server side signatur… Viktor Dukhovni
- Re: [TLS] Enforcing stronger server side signatur… Fries, Steffen
- Re: [TLS] Enforcing stronger server side signatur… Martin Rex
- Re: [TLS] Enforcing stronger server side signatur… Salz, Rich
- Re: [TLS] Enforcing stronger server side signatur… Eric Rescorla
- Re: [TLS] Enforcing stronger server side signatur… Martin Rex
- Re: [TLS] Enforcing stronger server side signatur… Martin Rex
- Re: [TLS] Enforcing stronger server side signatur… Ryan Sleevi
- Re: [TLS] Enforcing stronger server side signatur… Martin Rex
- Re: [TLS] Enforcing stronger server side signatur… Ryan Sleevi
- Re: [TLS] Enforcing stronger server side signatur… Michael StJohns
- Re: [TLS] Enforcing stronger server side signatur… Martin Rex
- Re: [TLS] Enforcing stronger server side signatur… Eric Rescorla