Re: [TLS] Simplifying signature algorithm negotiation

David Benjamin <davidben@chromium.org> Mon, 29 February 2016 17:16 UTC


On Fri, Jan 15, 2016 at 8:23 PM Eric Rescorla <ekr@rtfm.com> wrote:

> On Fri, Jan 15, 2016 at 5:19 PM, David Benjamin <davidben@chromium.org> wrote:
>
>> On Fri, Jan 15, 2016 at 8:07 PM Dave Garrett <davemgarrett@gmail.com> wrote:
>>
>>> On Friday, January 15, 2016 03:45:34 pm David Benjamin wrote:
>>> > This is a proposal for revising SignatureAlgorithm/HashAlgorithm. In TLS
>>> > 1.2, signature algorithms are spread across the handshake.
>>> [...]
>>> > I propose we fold the negotiable parameters under one name.
>>> [...]
>>> > 2. Remove HashAlgorithm, SignatureAlgorithm, SignatureAndHashAlgorithm as
>>> > they are. Introduce a new SignatureAlgorithm u16 type and negotiate that
>>> > instead.
>>>
>>> I previously proposed this here:
>>> https://www.ietf.org/mail-archive/web/tls/current/msg18035.html
>>>
>>> ekr was against it, though it hasn't been discussed that thoroughly.
>>> https://www.ietf.org/mail-archive/web/tls/current/msg18036.html
>>
>>
>> Ah, thanks! I must have missed this discussion. Or perhaps I saw it and
>> forgot.
>>
>> ekr, are you still against this sort of thing? I think the new CFRG
>> signature algorithms tying decisions together is a good argument for why
>> we'd want this. If we believe this trend is to continue (and I hope it
>> does. Ed25519 is a nice and simple interface), trying to decompose it all
>> seems poor.
>>
>
> I'm not sure. I agree that the CFRG thing seems to be a new development.
> I'll try to confirm my previous opinion or develop a new one over the weekend :)
>

ekr, did you have confirmed or new thoughts on this change?

From elsewhere in the thread, I put together a draft PR if you wanted
something to look at in that form.
https://github.com/tlswg/tls13-spec/pull/404
It incorporated some of the suggestions in the thread (not mentioning the
really legacy values, pairing NIST curves with hashes, etc.), but that's
not the important part. The meat of the proposal is unifying signature
algorithms under one number and a shared interface, which I think is a
valuable simplification.

David
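
An added illustration of the idea discussed in this message (one u16 naming the whole signature algorithm instead of separately negotiated hash and signature bytes); it is not code from the message or from the linked PR. The u16 code points are those later published in RFC 8446, not values quoted in this thread, and the function names and the local-preference selection rule are assumptions made for the example.

```python
import struct

# TLS 1.2 (RFC 5246) registries: each offer is a (hash, signature) byte pair.
TLS12_HASH = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}
TLS12_SIG = {1: "rsa", 3: "ecdsa"}

# Unified u16 view, using RFC 8446 SignatureScheme code points.
# Each value fixes key type, hash, padding and (for ECDSA) the curve together.
SCHEMES = {
    0x0401: ("rsa_pkcs1_sha256", "rsa"),
    0x0403: ("ecdsa_secp256r1_sha256", "ecdsa-p256"),
    0x0503: ("ecdsa_secp384r1_sha384", "ecdsa-p384"),
    0x0804: ("rsa_pss_rsae_sha256", "rsa"),
    0x0807: ("ed25519", "ed25519"),
}

def parse_offers(body):
    """Parse a signature_algorithms extension body: u16 length, then u16 entries."""
    if len(body) < 2:
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", body, 0)
    if n == 0 or n % 2 or n != len(body) - 2:
        raise ValueError("bad list length")
    return list(struct.unpack_from(f"!{n // 2}H", body, 2))

def decompose_tls12(code):
    """Old view: split into two independently registered bytes; None if unknown."""
    h, s = TLS12_HASH.get(code >> 8), TLS12_SIG.get(code & 0xFF)
    return (h, s) if h and s else None

def select_scheme(peer_offers, local_prefs, key_type):
    """Pick the first local preference the peer offered that fits our key."""
    offered = set(peer_offers)
    for code in local_prefs:
        if code in offered and SCHEMES.get(code, (None, None))[1] == key_type:
            return SCHEMES[code][0]
    return None  # caller must abort the handshake: no common algorithm

# Constructed sample offer (not captured traffic):
# ed25519, ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256
SAMPLE = bytes.fromhex("0008" "0807" "0403" "0804" "0401")

if __name__ == "__main__":
    for code in parse_offers(SAMPLE):
        print(hex(code), SCHEMES[code][0], "| TLS 1.2 pair:", decompose_tls12(code))
    print(select_scheme(parse_offers(SAMPLE), [0x0807, 0x0804, 0x0401], "rsa"))
```

Legacy pairs such as 0x0403 read the same on the wire under both views, while values like 0x0807 only make sense as a single number, since Ed25519 has no separately negotiable hash.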