Re: [TLS] regd. signature algorithm 0x0804 (rsa_pss_rsae_sha256) use in TLSv1.2 CertificateVerify
M K Saravanan <mksarav@gmail.com> Tue, 20 November 2018 18:46 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Gwf2TXMsQoysS-kF6XnVrCrwgZY>
Thanks David.

with regards,
Saravanan.

On Wed, 21 Nov 2018 at 02:07, David Benjamin <davidben@chromium.org> wrote:
>
> Yes, this is correct.
>
> On Tue, Nov 20, 2018 at 10:35 AM M K Saravanan <mksarav@gmail.com> wrote:
>>
>> Hi,
>>
>> RFC8446:
>> =================================================
>> 4.2.3. Signature Algorithms
>>
>> [...]
>> - Implementations that advertise support for RSASSA-PSS (which is
>> mandatory in TLS 1.3) MUST be prepared to accept a signature using
>> that scheme even when TLS 1.2 is negotiated. In TLS 1.2,
>> RSASSA-PSS is used with RSA cipher suites.
>>
>> =================================================
>>
>> The above paragraph gives me an impression that, in TLSv1.2, if
>> CertificateRequest message advertises 0x0804, then the client can sign
>> the CertificateVerify message with 0x0804 if client cert is RSA.
>>
>> 0x0804 = rsa_pss_rsae_sha256
>>
>> Can someone please confirm whether my understanding is correct?
>>
>> with regards,
>> Saravanan
>>
>> On Wed, 21 Nov 2018 at 00:27, M K Saravanan <mksarav@gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > If a TLSv1.2 Certificate Request message contains 0x0804
>> > (rsa_pss_rsae_sha256) as one of the supported signature algorithms,
>> > can a client sign the CertificateVerify message using that algorithm?
>> > (client cert is RSA). Is it allowed in TLSv1.2?
>> >
>> > with regards,
>> > Saravanan
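
The case confirmed in this thread, as an added example that is not part of the original messages or of any TLS library: a parser for a TLS 1.2 CertificateRequest body (RFC 5246 section 7.4.4) that reads supported_signature_algorithms as 16-bit code points and picks one for the client's key. The function names, the first-match selection policy and the sample bytes are assumptions made for illustration.

```python
import struct

# RFC 8446 section 4.2.3 code points usable with an rsaEncryption key.
# rsa_pkcs1_sha1 (0x0201) is deliberately left out of the usable set.
RSA_KEY_SCHEMES = {
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512", 0x0401: "rsa_pkcs1_sha256",
    0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
}
# rsa_pss_pss_* require a certificate key carrying the RSASSA-PSS OID.
PSS_KEY_SCHEMES = {
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384",
    0x080B: "rsa_pss_pss_sha512",
}

def parse_certificate_request(body: bytes):
    """Return (certificate_types, signature_algorithms) from a TLS 1.2 body."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated CertificateRequest")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    cert_types = list(take(take(1)[0]))
    if not cert_types:
        raise ValueError("empty certificate_types")
    alg_len = struct.unpack("!H", take(2))[0]
    if alg_len == 0 or alg_len % 2:
        raise ValueError("bad supported_signature_algorithms length")
    raw = take(alg_len)
    algs = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, alg_len, 2)]
    take(struct.unpack("!H", take(2))[0])  # skip certificate_authorities
    if pos != len(body):
        raise ValueError("trailing bytes after CertificateRequest")
    return cert_types, algs

def choose_scheme(advertised, key_is_pss_oid=False):
    """First advertised scheme (server order) that fits the client key."""
    usable = PSS_KEY_SCHEMES if key_is_pss_oid else RSA_KEY_SCHEMES
    for code in advertised:
        if code in usable:
            return code, usable[code]
    return None

# Constructed sample: types rsa_sign, ecdsa_sign; algorithms 0x0403, 0x0804,
# 0x0401, 0x0201; empty certificate_authorities.
SAMPLE = bytes.fromhex("020140" "0008" "0403" "0804" "0401" "0201" "0000")
```
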