Re: [TLS] [Technical Errata Reported] RFC5246 (5535)
Benjamin Kaduk <kaduk@mit.edu> Fri, 19 October 2018 15:00 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10DE8130F06 for <tls@ietfa.amsl.com>; Fri, 19 Oct 2018 08:00:02 -0700 (PDT)
X-Quarantine-ID: <D-LBekwupEgP>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char 9C hex): Received: ...s kaduk@ATHENA.MIT.EDU)\n\t\234by outgoing.mit[...]
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D-LBekwupEgP for <tls@ietfa.amsl.com>; Fri, 19 Oct 2018 07:59:59 -0700 (PDT)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20791130F55 for <tls@ietf.org>; Fri, 19 Oct 2018 07:59:58 -0700 (PDT)
X-AuditID: 12074423-45fff700000031b7-a3-5bc9f16bef7c
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 94.45.12727.C61F9CB5; Fri, 19 Oct 2018 10:59:57 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-4.mit.edu (8.14.7/8.9.2) with ESMTP id w9JExnQR032765; Fri, 19 Oct 2018 10:59:51 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) �by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id w9JExgZt029540 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 19 Oct 2018 10:59:45 -0400
Date: Fri, 19 Oct 2018 09:59:42 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Tim Dierks <tim@dierks.org>, Eric Rescorla <ekr@rtfm.com>, Christopher Wood <christopherwood07@gmail.com>, Joseph Salowey <joe@salowey.net>, sean+ietf@sn3rd.com, dave_thompson_2@comcast.net, "<tls@ietf.org>" <tls@ietf.org>
Message-ID: <20181019145942.GD19309@kduck.kaduk.org>
References: <20181019062451.15CF9B8011D@rfc-editor.org> <CABkgnnWvFm5SpOTM+qQQLbwnMbtHYUp=rw+76pgvGq2U4NMJ5w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABkgnnWvFm5SpOTM+qQQLbwnMbtHYUp=rw+76pgvGq2U4NMJ5w@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrCKsWRmVeSWpSXmKPExsUixG6nrpv78WS0wY3DLBbTv19js7jct4vV YsXrc+wW2zbtZ7e4duYfo0XT/q9sFpc2rGay+L1nHrvFp/NdjA6cHpMfz2H0+LVmMZvHzll3 2T2WLPnJ5NHQdowVKNHG7HF81wZ2j4MHGQM4orhsUlJzMstSi/TtErgyms7tZC64L1txc1N5 A+NO8S5GTg4JAROJJ1+6mLsYuTiEBNYwSSw/cY0NwtnIKNGy5AWUc5dJYvbd1ewgLSwCqhJr H/5mArHZBFQkGrovM4PYIgK6EovOPgCrYRbYyiQxcZptFyMHh7CArcShTcIgJi/Qtsk3HEAq hATqJD6v+w42hVdAUOLkzCcsEJ1aEjf+vWQCKWcWkJZY/o8DJMwpECjRtmMNK4gtKqAssbfv EPsERoFZSLpnIemehdC9gJF5FaNsSm6Vbm5iZk5xarJucXJiXl5qka6ZXm5miV5qSukmRnCE uCjvYHzZ532IUYCDUYmHt+DoiWgh1sSy4srcQ4ySHExKorwF6iejhfiS8lMqMxKLM+KLSnNS iw8xSnAwK4nwKpYC5XhTEiurUovyYVLSHCxK4rwTWxZHCwmkJ5akZqemFqQWwWRlODiUJHif fQBqFCxKTU+tSMvMKUFIM3FwggznARreClLDW1yQmFucmQ6RP8Woy9H29PoMZiGWvPy8VClx 3nvvgYoEQIoySvPg5oASm0T2/ppXjOJAbwnzmoKM4gEmRbhJr4CWMAEtOWF6AmRJSSJCSqqB cU70Ed4nC0WkhXLuPD+1wypd2K/o9RmODmXjR1NM/z0I+/tK/nypu133ROPHUyYem+1gWzPz S86JrXwhKU6WTDpMsw8pBs134TB64i74Z2vs+wvJfPOD5Hv87miqqCl0sS3/c6WIN1NqSQzP N/b/ln4nVledc+TZtu3o38CUiyUvtJtexWbrK7EUZyQaajEXFScCAOsQCoRHAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/LE_1I_qxn3WuvR_hgchUS67-Y84>
Subject: Re: [TLS] [Technical Errata Reported] RFC5246 (5535)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Oct 2018 15:00:07 -0000
It does feel like an artifact of the times, yes. So I am not sure if there is a better option than "Rejected" (or, I guess, leave in "Reported" indefinitely). -Ben On Fri, Oct 19, 2018 at 05:34:48PM +1100, Martin Thomson wrote: > An artifact of the times more than an error methinks? The document > does also say: "Currently, DSA [DSS] may only be used with SHA-1." in > the context of talking about use of different hash algorithms for DSA. > > Good thing that we obsoleted that RFC and removed DSA, now we don't > have to worry about it any more... ;) Seriously though, I don't know > the process for dealing with valid criticisms of features that have > been obsoleted. Hold For Document Update seems very wrong, so we can > rule that out at least. > > On Fri, Oct 19, 2018 at 5:25 PM RFC Errata System > <rfc-editor@rfc-editor.org> wrote: > > > > The following errata report has been submitted for RFC5246, > > "The Transport Layer Security (TLS) Protocol Version 1.2". > > > > -------------------------------------- > > You may review the report below and at: > > http://www.rfc-editor.org/errata/eid5535 > > > > -------------------------------------- > > Type: Technical > > Reported by: Dave Thompson <dave_thompson_2@comcast.net> > > > > Section: 4.7 > > > > Original Text > > ------------- > > In DSA, the 20 bytes of the SHA-1 hash are run directly through the > > Digital Signing Algorithm with no additional hashing. ... > > > > Corrected Text > > -------------- > > In DSA, the bytes of the selected hash are run directly through the > > Digital Signing Algorithm with no additional hashing. ... > > > > Notes > > ----- > > In 2246 and 4346 this statement (then using the less-accurate spellings DSS and SHA) was correct because only SHA1 was used for DSA (and ECDSA, in 4492, versus SHA1+MD5 for RSA), but 5246 changed this to allow specifying one of several hashes, with selection constrained by the signature_algorithms extension (if present) or CertificateRequest field from the peer. > > > > FIPS 186 actually defines the hashing step as part of signature generation and verification, so it might be even better to make this something like "For DSA, signature generation applies the selected hash [to the contents] and then computes two values, r and s." similar to the way the preceding paragraph of 5246 "In RSA signing" differs from the 2246 and 4346 versions by no longer treating the hashing as separate, but that is a bigger change to an obsoleted document, and arguably problematic because the normative reference is FIPS 186-2; as indicated in Appendix B on page 80, 186-3 which officially allowed DSA to use FIPS 180-3 hashes (not only SHA-1) was released in draft before 5246 but not finalized until after (2006-03 to 2009-06 versus 2008-08). > > > > Instructions: > > ------------- > > This erratum is currently posted as "Reported". If necessary, please > > use "Reply All" to discuss whether it should be verified or > > rejected. When a decision is reached, the verifying party > > can log in to change the status and edit the report, if necessary. > > > > -------------------------------------- > > RFC5246 (draft-ietf-tls-rfc4346-bis-10) > > -------------------------------------- > > Title : The Transport Layer Security (TLS) Protocol Version 1.2 > > Publication Date : August 2008 > > Author(s) : T. Dierks, E. Rescorla > > Category : PROPOSED STANDARD > > Source : Transport Layer Security > > Area : Security > > Stream : IETF > > Verifying Party : IESG > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls
- [TLS] [Technical Errata Reported] RFC5246 (5535) RFC Errata System
- Re: [TLS] [Technical Errata Reported] RFC5246 (55… Martin Thomson
- Re: [TLS] [Technical Errata Reported] RFC5246 (55… Benjamin Kaduk
- Re: [TLS] [Technical Errata Reported] RFC5246 (55… Megan Ferguson