Re: [TLS] which alert for TLS client cert w/o keyUsage digitalSignature
mrex@sap.com (Martin Rex) Fri, 20 September 2013 13:51 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B6CC21F943C for <tls@ietfa.amsl.com>; Fri, 20 Sep 2013 06:51:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.197
X-Spam-Level:
X-Spam-Status: No, score=-10.197 tagged_above=-999 required=5 tests=[AWL=0.052, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ugjqZCr+zezt for <tls@ietfa.amsl.com>; Fri, 20 Sep 2013 06:51:17 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by ietfa.amsl.com (Postfix) with ESMTP id 6B40C21F93F8 for <tls@ietf.org>; Fri, 20 Sep 2013 06:51:17 -0700 (PDT)
Received: from mail05.wdf.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id r8KDp4QR003906 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 20 Sep 2013 15:51:04 +0200 (MEST)
In-Reply-To: <523B6A3F.7000003@comodo.com>
To: Rob Stradling <rob.stradling@comodo.com>
Date: Fri, 20 Sep 2013 15:51:04 +0200
X-Mailer: ELM [version 2.4ME+ PL125 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20130920135104.1EE501A98B@ld9781.wdf.sap.corp>
From: mrex@sap.com
X-SAP: out
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] which alert for TLS client cert w/o keyUsage digitalSignature
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Sep 2013 13:51:24 -0000
Rob Stradling wrote: > On 19/09/13 18:01, Michael D'Errico wrote: > >>> Wan-Teh Chang wrote: > >>>> Note: I don't understand why RFC 4492 says "It MUST be signed with > >>>> RSA." > <snip> > > Page 47 of RFC 5246 hints at these rules: > <snip> > > RFC 5246 relaxes the "It MUST be signed with RSA" rule, doesn't it? > > Appendix A.7 (Changes to RFC 4492) says: > "As described in Sections 7.4.2 and 7.4.6, the restrictions on the > signature algorithms used to sign certificates are no longer tied to > the cipher suite (when used by the server) or the > ClientCertificateType (when used by the client). Thus, the > restrictions on the algorithm used to sign certificates specified in > Sections 2 and 3 of RFC 4492 are also relaxed." Not really. Actually, it makes things worse, because rather than the "hidden" backwards-incompatible self-imposed limitiation from TLSv1.0, rfc5246 now contains a very explicit limitation to those algorithms negotiated by the signature algorithms TLS extension, and stupidly asks TLS implementations to enforce this for the entire certificate chain up to the root. In TLSv1.0 this limitiation, for anyone who actually noticed it, was clearly limited to the signature algorithm on the EE cert itself, but not signature algorithms of any intermediate and cross-CA certificates further up the chain. -Martin
- [TLS] which alert for TLS client cert w/o keyUsag… Martin Rex
- Re: [TLS] which alert for TLS client cert w/o key… Michael D'Errico
- Re: [TLS] which alert for TLS client cert w/o key… Wan-Teh Chang
- Re: [TLS] which alert for TLS client cert w/o key… Michael D'Errico
- Re: [TLS] which alert for TLS client cert w/o key… Daniel Kahn Gillmor
- Re: [TLS] which alert for TLS client cert w/o key… Michael D'Errico
- Re: [TLS] which alert for TLS client cert w/o key… Rob Stradling
- Re: [TLS] which alert for TLS client cert w/o key… Martin Rex
- Re: [TLS] which alert for TLS client cert w/o key… Martin Rex