IETF Logo Mail Archive

Re: [TLS] Explicit error expectations (was Re: Deprecate SHA1 for signatures in TLS 1.3)

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 11 July 2015 05:09 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AAF51A6EE9 for <tls@ietfa.amsl.com>; Fri, 10 Jul 2015 22:09:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L0l3Fkx3wuxa for <tls@ietfa.amsl.com>; Fri, 10 Jul 2015 22:09:12 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B4D51A6EE6 for <tls@ietf.org>; Fri, 10 Jul 2015 22:09:12 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 8871C284D68; Sat, 11 Jul 2015 05:09:11 +0000 (UTC)
Date: Sat, 11 Jul 2015 05:09:11 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150711050911.GK28047@mournblade.imrryr.org>
References: <CALuAYvbteowTeyWe9VneRHgyvzTRS3LfKdorWt=jmEy2k+wNqw@mail.gmail.com> <20150710160848.GW28047@mournblade.imrryr.org> <BLUPR03MB139645B664D7C3998B2DAA3C8C9F0@BLUPR03MB1396.namprd03.prod.outlook.com> <201507110056.07539.davemgarrett@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <201507110056.07539.davemgarrett@gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Q6DQnlqHi-Qx0z9HoqAWS7vrUhg>
Subject: Re: [TLS] Explicit error expectations (was Re: Deprecate SHA1 for signatures in TLS 1.3)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jul 2015 05:09:14 -0000

On Sat, Jul 11, 2015 at 12:56:07AM -0400, Dave Garrett wrote:

> Due to discussion here, I've started a branch to add some better
> expectations or errors to deal with things more clearly. Just a WIP at
> this point:
> 
> https://github.com/davegarrett/tls13-spec/compare/seanfixesredux...davegarrett:morealerts

Thanks for collecting these.  Is there a reason to "perpetuate"
the TLS 1.2 specification anomaly under discussion in this thread
in lines 2207-2211:

    If a server receives a ClientHello, but the server cannot produce a valid
    certificate chain using the hash/signature pairs known to be supported by
    the client (via this extension or the defaults assumed in its absence),
    then the server MUST send an "unsupported_certificate" alert message and
    close the connection.

Or are you just summarizing current state, with any proposed changes
to be discussed separately?  I still maintain that is clearly
incorrect server behaviour, any specifications to the contrary
notwithstanding.  The decision of whether the chain is or is not
supported by the client MUST be left to the client.  The server
does not have sufficient information to make this decision unilaterally
(even if knows all the signature algorithms the client appears to
support).

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email