IETF Logo Mail Archive

Re: [TLS] DSS with other than SHA-1 algorithms

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 09 May 2011 15:31 UTC

Return-Path: <pgut001@login01.cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76C21E07CC for <tls@ietfa.amsl.com>; Mon, 9 May 2011 08:31:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.516
X-Spam-Level:
X-Spam-Status: No, score=-3.516 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pKQ6HrDE7+GI for <tls@ietfa.amsl.com>; Mon, 9 May 2011 08:31:44 -0700 (PDT)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by ietfa.amsl.com (Postfix) with ESMTP id 5F433E07AD for <tls@ietf.org>; Mon, 9 May 2011 08:31:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1304955104; x=1336491104; h=from:to:subject:cc:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20juhovh@iki.fi,=20pgut001@cs.auckland.ac.nz |Subject:=20Re:=20[TLS]=20DSS=20with=20other=20than=20SHA -1=20algorithms|Cc:=20tls@ietf.org|In-Reply-To:=20<4DC12D 35.1040805@iki.fi>|Message-Id:=20<E1QJR0o-0003ui-Tx@login 01.fos.auckland.ac.nz>|Date:=20Tue,=2010=20May=202011=200 2:00:38=20+1200; bh=8OOjdDl+TxHQ1OcotQXexIXlwPfjk4PSI2tiQ7OKFUw=; b=ihBYu5rwKe+FblnDxXeDZQScWBo7aAQJg17C/m7wQH3syG38Mb5Qqxup 3wVLTpx+oJeG0VmAErxzPTXfjCJkC+8BL0usORgbaQTPCL3cYdOTM0exa oz7YdzRoAbuIV++48VJARicWgMPlLIwFSBItqAIgCc1MG0yhWCV5mL3X4 o=;
X-IronPort-AV: E=Sophos;i="4.64,340,1301832000"; d="scan'208";a="60837354"
X-Ironport-HAT: APP-SERVERS - $RELAYED
X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing
Received: from mf1.fos.auckland.ac.nz ([130.216.33.150]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 10 May 2011 02:00:44 +1200
Received: from login01.fos.auckland.ac.nz ([130.216.34.40]) by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1QJR0o-0003fW-JI; Tue, 10 May 2011 02:00:38 +1200
Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1QJR0o-0003ui-Tx; Tue, 10 May 2011 02:00:38 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: juhovh@iki.fi, pgut001@cs.auckland.ac.nz
In-Reply-To: <4DC12D35.1040805@iki.fi>
Message-Id: <E1QJR0o-0003ui-Tx@login01.fos.auckland.ac.nz>
Date: Tue, 10 May 2011 02:00:38 +1200
Cc: tls@ietf.org
Subject: Re: [TLS] DSS with other than SHA-1 algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2011 15:31:45 -0000

=?ISO-8859-1?Q?Juho_V=E4h=E4-Herttua?= <juhovh@iki.fi> writes:

>I think the deployment is very small on the server side, but I would say it
>is quite common on the client side. I know at least Firefox has had ECC
>cipher suites enabled by default for quite a long time (3 years or so), and I
>think that attributes to somewhere close to one third of all browsers
>globally. (according to Mozilla more than 350 million users) Calling TLS-ECC
>deployment vanishingly small is a bit of an understatement, don't you think?

"Implemented in the client" != "used" though.  The only hard data that we have
at the moment, the SSL Observatory, indicates:

Number of deployed DSA TLS servers with certs chaining to a trusted root: 25
Number "  " ECC  "  "  ": Zero
Number "  " RSA  "  "  ": Millions

For non-trusted certs I think there were a total of six servers doing ECC in
the entire world, and I'm guessing most or even all of them are the small
number of public interop servers out there.

Both of those make it "vanishingly small" (at least for public deployment) as
far as I'm concerned :-).

>That's exactly the parts of the draft I am referring to. This should be
>combined with the RFC 5246 text:
>
>    If the client does not send the signature_algorithms extension, the
>    server MUST do the following:
>...
>    -  If the negotiated key exchange algorithm is one of (ECDH_ECDSA,
>       ECDHE_ECDSA), behave as if the client had sent value {sha1,ecdsa}.
>
>Your draft does not mandate sending the signature_algorithms extension, but
>at the same time it does say one should use the SHA256 or SHA386 for
>signatures. Does it override the above clause of TLS 1.2 or does it implicate
>signature_algorithms have to be always sent in case any of those cipher
>suites are to be offered?

Ah, I see what you mean.  OK, I'll add a note to address this.  RFC 5246
assumes the universal-substrate SHA1 if you forget the signature_algorithms
extension as a means of handling the lack of an explicit indication since
there's no other way to tell what to use, but the ECC-suites draft makes it
explicit what hash to use so there's no need to use the fall-back rules.

>That explains it much better, I tried to google it before but didn't really
>get any sensible results. Looks like searching for "chinese menu column" gives
>more hits,

I've added a note to explain it for non-US readers.  If you search for "one
from column A one from column B" you'll get an awful lot of hits, things
like medical papers using that in the title:

http://www.ncbi.nlm.nih.gov/pubmed/11827830

The search term "Chinese menu" gets overwhelmed by links to restaurants.

Peter.

v2.23.0 | Report a Bug | By Email