RE: [TLS] TLS 1.2 hash agility

<Pasi.Eronen@nokia.com> Thu, 27 September 2007 09:31 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iapi8-0008GG-Va; Thu, 27 Sep 2007 05:31:08 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iapi7-0008Fs-OU for tls@ietf.org; Thu, 27 Sep 2007 05:31:07 -0400
Received: from smtp.nokia.com ([131.228.20.173] helo=mgw-ext14.nokia.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Iapi7-0001Ys-7x for tls@ietf.org; Thu, 27 Sep 2007 05:31:07 -0400
Received: from esebh108.NOE.Nokia.com (esebh108.ntc.nokia.com [172.21.143.145]) by mgw-ext14.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l8R9UmJI002587; Thu, 27 Sep 2007 12:31:04 +0300
Received: from esebh103.NOE.Nokia.com ([172.21.143.33]) by esebh108.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 27 Sep 2007 12:30:42 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh103.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 27 Sep 2007 12:30:42 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] TLS 1.2 hash agility
Date: Thu, 27 Sep 2007 12:30:42 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2404A1F1A6@esebe105.NOE.Nokia.com>
In-Reply-To: <46FA745A.3070305@pobox.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] TLS 1.2 hash agility
Thread-Index: AcgAT20UH9clMuy8RXejWUQWyIGXsgAmQbBg
References: <46ABB82D.8090709@pobox.com> <46ACCCCB.8000201@pobox.com><B356D8F434D20B40A8CEDAEC305A1F24046B2496@esebe105.NOE.Nokia.com><20070914215611.0342933C21@delta.rtfm.com><46EB102E.2070900@pobox.com><20070914225606.9E9B433C21@delta.rtfm.com><46EC2AE7.9040903@pobox.com><20070917185820.6E7CC33C3A@delta.rtfm.com> <46FA745A.3070305@pobox.com>
From: Pasi.Eronen@nokia.com
To: mike-list@pobox.com, tls@ietf.org
X-OriginalArrivalTime: 27 Sep 2007 09:30:42.0530 (UTC) FILETIME=[12F22C20:01C800E9]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 93238566e09e6e262849b4f805833007
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

mike-list@pobox.com wrote:

> > - In the case of the ServerKeyExchange, the client signals his
> >   support in this extension *and* in the cipher suite.
> 
> The cipher suite doesn't have all the information about which
> signature algorithm to use.
> 
>      TLS_RSA_WITH_RC4_128_MD5
>      TLS_RSA_WITH_RC4_128_SHA
>      TLS_RSA_WITH_3DES_EDE_CBC_SHA
>      TLS_RSA_WITH_AES_128_CBC_SHA
>      TLS_RSA_WITH_AES_256_CBC_SHA
> 
> The above cipher suites specify that the public key in the
> certificate must be an RSA key, but they don't say anything about
> what algorithm is used to sign the certificate.

In TLS 1.0 and 1.1, these ciphersuites required that the certificate
is also signed with RSA. (But that's something we can change in 
TLS 1.2, if we so decide.)

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls