RE: [TLS] Re: TLS 1.2 draft
<Pasi.Eronen@nokia.com> Wed, 07 March 2007 14:23 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOx2o-0002XQ-RY; Wed, 07 Mar 2007 09:23:06 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOx2n-0002WK-5t for tls@ietf.org; Wed, 07 Mar 2007 09:23:05 -0500
Received: from smtp.nokia.com ([131.228.20.171] helo=mgw-ext12.nokia.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HOx2l-0006gd-N3 for tls@ietf.org; Wed, 07 Mar 2007 09:23:05 -0500
Received: from esebh106.NOE.Nokia.com (esebh106.ntc.nokia.com [172.21.138.213]) by mgw-ext12.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l27EMk65021368; Wed, 7 Mar 2007 16:23:01 +0200
Received: from esebh103.NOE.Nokia.com ([172.21.143.33]) by esebh106.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 7 Mar 2007 16:23:01 +0200
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh103.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 7 Mar 2007 16:23:01 +0200
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Re: TLS 1.2 draft
Date: Wed, 07 Mar 2007 16:22:58 +0200
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2403DB5D7A@esebe105.NOE.Nokia.com>
In-Reply-To: <45ED8D09.2060600@redhat.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Re: TLS 1.2 draft
Thread-Index: AcdgBvEq28nc0BLpQoGonDwmRMsCkgAue3Gg
References: <20070305054158.3A09C1CC24@delta.rtfm.com><87zm6qydae.fsf@latte.josefsson.org> <45ED8D09.2060600@redhat.com>
From: Pasi.Eronen@nokia.com
To: wtchang@redhat.com, tls@ietf.org
X-OriginalArrivalTime: 07 Mar 2007 14:23:01.0501 (UTC) FILETIME=[1CB7C2D0:01C760C4]
X-eXpurgate-Category: 1/0
X-eXpurgate-ID: 149371::070307162301-52051BB0-03797D21/0-0/0-1
X-Nokia-AV: Clean
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 0ddefe323dd869ab027dbfff7eff0465
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Wan-Teh Chang wrote: > I was surprised to learn about this change when I read your message. > So I did some research. Here is what I found. > > Appendix H of RFC 3447 explains the change to recommend omitting > the parameters for the SHA-x hash algorithms defined by NIST: > > The following corrections were made in converting the PKCS #1 v2.1 > document to this RFC: > > * The requirement that the parameters in an AlgorithmIdentifier > value for id-sha1, id-sha256, id-sha384, and id-sha512 be > NULL was changed to a recommendation that the parameters be > omitted (while still allowing the parameters to be > NULL). This is to align with the definitions originally > promulgated by NIST. Implementations MUST accept > AlgorithmIdentifier values both without parameters and with > NULL parameters. > > [...] > > These corrections will be reflected in future editions of PKCS #1 > v2.1. > > This change has been made to PKCS #1 v2.1 in the errata. > (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1errata.txt) No, this is not exactly what pkcs-1v2-1errata.txt says; there is additional text in the errata: Exception: When formatting the DigestInfoValue in EMSA-PKCS1-V1.5 (see 9.2), the parameters field associated with id-sha1, id-sha256, id-sha384 and id-sha512 SHALL have a value of type NULL. This is to maintain compatibility with existing implementations and with the numeric information values already published for EMSA-PKCS1-V1.5 which are also reflected in IEEE 1363a-2004[27]. In other words: AlgorithmIdentifier is used in several different places, and the text "MUST accept both, SHOULD omit" applies to all of those *except* one place (EMSA-PKCS1-V1.5). But that place happens to be the one we care about for TLS 1.2 (ServerKeyExchange and CertificateVerify messages)! I think we should follow pkcs-1v2-1errata.txt and IEEE 1363a-2004 (which both agree) here, unless there are compelling arguments against it... Best regards, Pasi _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Nelson B Bolyard
- Re: [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Nelson B Bolyard
- [TLS] Re: TLS 1.2 draft Simon Josefsson
- RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Pasi.Eronen
- Re: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Mike
- Re: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… EKR
- Re: [TLS] Re: TLS 1.2 draft Wan-Teh Chang
- Re: [TLS] TLS 1.2 draft Martin Rex
- Re: [TLS] TLS 1.2 draft EKR
- Re: [TLS] TLS 1.2 draft Martin Rex
- Re: [TLS] TLS 1.2 draft Eric Rescorla
- Re: [TLS] TLS 1.2 draft Dr Stephen Henson
- Re: [TLS] Re: TLS 1.2 draft Dr Stephen Henson
- [TLS] Re: TLS 1.2 draft Simon Josefsson
- Re: [TLS] Re: TLS 1.2 draft Steven M. Bellovin
- RE: [TLS] TLS 1.2 draft Pasi.Eronen
- RE: [TLS] Re: TLS 1.2 draft Pasi.Eronen
- Re: [TLS] Re: TLS 1.2 draft Martin Rex
- RE: [TLS] Re: TLS 1.2 draft Pasi.Eronen
- RE: [TLS] TLS 1.2 draft (issue #25 about SSLv2 He… Pasi.Eronen
- Re: [TLS] Re: TLS 1.2 draft Wan-Teh Chang
- [TLS] Re: TLS 1.2 draft EKR