Re: [TLS] Signed messages should be prefixed with a NUL-terminated context string.
Adam Langley <agl@google.com> Mon, 01 December 2014 22:28 UTC
Return-Path: <agl@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFF3F1A6F0A for <tls@ietfa.amsl.com>; Mon, 1 Dec 2014 14:28:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oc6xYnfL8622 for <tls@ietfa.amsl.com>; Mon, 1 Dec 2014 14:28:49 -0800 (PST)
Received: from mail-qc0-x235.google.com (mail-qc0-x235.google.com [IPv6:2607:f8b0:400d:c01::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5051F1A883D for <tls@ietf.org>; Mon, 1 Dec 2014 14:28:49 -0800 (PST)
Received: by mail-qc0-f181.google.com with SMTP id m20so8577636qcx.12 for <tls@ietf.org>; Mon, 01 Dec 2014 14:28:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=sErxzeReTw9Tm78WOGOfnxSgrO9ZeJTMRpJpjuzTm5Y=; b=eb16l2XDSVD/SY6v4atV48uByG/Acx2jPhXqHR2LJ4dH8fQUP2ytIOwy4QNKSa+1FC Dd/063hQomJsUPW3l+csXkYeJGPGRdJRtSoXhDmXopSGY//DbFKJbwd/viRmr/xwQJya LVf07BTB5a/yNEMwzdl2FJZcx8l8cZX550nluLTIQn5iqO7QHK5HOjmjg8fQZGAuhR75 XRh+uZdkurVJOmy0ITOD1dGxcEqwdu6DPtBzD9j3tosgHgWI8lBYR8f0tehRoULLdNmi fILj2jbSYHBclCDG2j6T8k0SGBCfQ9okl7PVwDTfsvLINK81VBXpQaKlC27atN59p1oq 7xeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=sErxzeReTw9Tm78WOGOfnxSgrO9ZeJTMRpJpjuzTm5Y=; b=bD7qSjhQr0Uh+32oQL7FAO+MMmF2lBj6A22DRX3EW1DQVVkYX88gi70fUnWhoLmrt9 WOp5geND+vsvmMiQ8I+6w4cPUrswy6kkWwSsgH7ZAEdG+b/te60e3Rlby54iS+zMNj4K y9YWG1cTHuoMxo+f9e+ij2WOSPNrJKtcRy13virc4yx+qi9gnfm7JX+IY4wfR8zDUl8V BooGpyOBt6HUQ/Rs3qnRiYD94P+YfcAEBfVdZQkyzKJeXgtwXbBWs7XJYB80+Fqqm0U7 lf0DeXVrmXZEj9UjXmaKNHr03numEO51NMAORekYeQYJn4G2AgT4QD1h34OnyhafZjA+ Ca3A==
X-Gm-Message-State: ALoCoQnkVFSv9+Cxiy7HEGDD9kRYm7mI609eHXkubfyhS/bXi1MLZn0habEdbK95rEgF3N4jnlcl
X-Received: by 10.224.25.79 with SMTP id y15mr41996906qab.78.1417472928492; Mon, 01 Dec 2014 14:28:48 -0800 (PST)
MIME-Version: 1.0
Received: by 10.229.162.1 with HTTP; Mon, 1 Dec 2014 14:28:28 -0800 (PST)
In-Reply-To: <CABcZeBPHQGMNYU1QbG=oeuVZYG71BqVaJU9E9e2Kh+rEWq=RXA@mail.gmail.com>
References: <CAMfhd9XgR-N6BZVLojfyf6E2+0fhYVHopp5FKALoup_GjTji5A@mail.gmail.com> <CABcZeBMmFWOoh6Av=eAaMi6AA1Kb7X41Efie-0PuRZWwPPVz_A@mail.gmail.com> <860778484.3559563.1416987612674.JavaMail.zimbra@redhat.com> <CABcZeBPHQGMNYU1QbG=oeuVZYG71BqVaJU9E9e2Kh+rEWq=RXA@mail.gmail.com>
From: Adam Langley <agl@google.com>
Date: Mon, 01 Dec 2014 14:28:28 -0800
Message-ID: <CAL9PXLwrZCgDUqd8ugqhcpYEBwLOcQXSLg8Kx8fgCq6tzLvO4A@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/HYnTUEV1MU4FlRshvG2Uo0bIXVc
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Signed messages should be prefixed with a NUL-terminated context string.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Dec 2014 22:28:50 -0000
On Wed, Nov 26, 2014 at 6:09 AM, Eric Rescorla <ekr@rtfm.com> wrote: > If someone wants to contribute a PR so that we can have something > concrete to look at that would be even better. I have submitted a PR for the padding and context-string changes: https://github.com/tlswg/tls13-spec/pull/100 I did not change the CertificateVerify structure in the same commit because I'm not quite sure that I follow the reasoning. The CertificateVerify implicitly contains the client and server nonce because it contains all the preceding handshake messages. What's the motivation for duplicating them at the beginning? Is it simply to avoid having the opaque signer understand the TLS structure? If so, does the padding and context strings that I've just proposed break that? Cheers AGL
- [TLS] Signed messages should be prefixed with a N… Adam Langley
- Re: [TLS] Signed messages should be prefixed with… Nikos Mavrogiannopoulos
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Nikos Mavrogiannopoulos
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Adam Langley
- Re: [TLS] Signed messages should be prefixed with… Nikos Mavrogiannopoulos
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Ilari Liusvaara
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Ilari Liusvaara
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Ilari Liusvaara
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Adam Langley
- Re: [TLS] Signed messages should be prefixed with… Michael StJohns
- Re: [TLS] Signed messages should be prefixed with… Watson Ladd
- Re: [TLS] Signed messages should be prefixed with… Adam Langley
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Michael StJohns
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Michael StJohns
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla
- Re: [TLS] Signed messages should be prefixed with… Eric Rescorla