Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 with DSA client
Martin Rex <mrex@sap.com> Thu, 10 March 2011 23:10 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B5C293A69B6 for <tls@core3.amsl.com>; Thu, 10 Mar 2011 15:10:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.223
X-Spam-Level:
X-Spam-Status: No, score=-10.223 tagged_above=-999 required=5 tests=[AWL=0.026, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 93DCNvFMBYhY for <tls@core3.amsl.com>; Thu, 10 Mar 2011 15:10:34 -0800 (PST)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id 833783A69F1 for <tls@ietf.org>; Thu, 10 Mar 2011 15:10:34 -0800 (PST)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id p2ANBofk021752 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 11 Mar 2011 00:11:50 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201103102311.p2ANBobr004173@fs4113.wdf.sap.corp>
To: demoss.matt@gmail.com
Date: Fri, 11 Mar 2011 00:11:50 +0100
In-Reply-To: <AANLkTinMav4990gG9NCT3PbMrCGQCYtLGrZNb=EzB+Z7@mail.gmail.com> from "Matt DeMoss" at Mar 10, 11 04:59:23 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 with DSA client
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2011 23:10:35 -0000
Matt DeMoss wrote: > > Martin Rex <mrex@sap.com> wrote: > > > > The TLS spec should not mess around with PKI and X.509 issues. > > Negotiation of the algorithm used for the "digitally signed" struct > > ought to be _completely_ seperate from characteristics of certificates. > > > > A TLS extension to convey hints about digital signature algorithms > > ought to be a fairly black box to TLS, containing a list of > > ASN.1 AlgIds, and with the semantic of a "hint to the PKI software > > for selecting the most appropriate certificates", i.e. "MAY" not "MUST". > > This is interesting to me; as a kind of thought experiment do you > think it would ever be appropriate for TLS to negotiate hash > algorithms on CRLs or on OCSP responses? It seems unlikely that > multiple CRLs will be generated with different hashes and that is only > slightly less true for X.509 certs. As a black-box TLS extension where apps or the PKI-stack can exchange hints that the peer could take into account when selecting adequate certs, crls or ocsp-responses would be fine. > > Does it make more sense for TLS to instead negotiate the version of > X.509 (or PKIX profile, or other credential) in use and hope some > future version will provide functionality for a smoother transition? The most simple approach would be through the use of seperate trust anchors for seperate algorithm sets. It would work as is with most of the installed base of TLS software. But there are a few PKI diehards (especially those from the "there can be only one Root" PKIs) that are fiercly fighting against having to add a few trust anchors and an 10% additional administrative overhead for a three-digit number of CAs--they rather want the other 6 billions on the planet to suffer long and hard with any migration. > > I read RFC 5280 to say there can only be one signature per certificate, > but it isn't hard to imagine having doubly signed certificates in the > future. Unlike PKCS7/CMS and PGP keys, which can handle multiple independent signatures, X.509 was created with insufficient thought on the security needs of EndEntities. With X.509, the EndEntities have zero effective control about what CAs attribute to their identities. The DANE/keyassurance working group is trying to provide a solution that this problem can be mitigated for TLS server certificates in the future (a solution outside of X.509). I'm actually more concerned about the reluctance of some vendors to ease a transition. Why do I need to manually request a patch like this: http://support.microsoft.com/kb/968730 (I'm using WinXP 64-bit, which is Windows 2003 under the sheets) Vendors with digital signatures on software (and timestamps on those signatures) should not be using sha1 anymore for any of the signatures in that process, and therefore have a genuine interest in getting SHA256 into all of their platforms and with the very next automatic software update... -Martin
- [TLS] TLSv1.2 with DSA client cert and key size >… Martin Rex
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Wan-Teh Chang
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Martin Rex
- [TLS] TLS v1.2 performance (was Re: TLSv1.2 with … Michael D'Errico
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Nikos Mavrogiannopoulos
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Dr Stephen Henson
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Martin Rex
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Dr Stephen Henson
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Martin Rex
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Kemp, David P.
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Wan-Teh Chang
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Yoav Nir
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Eric Rescorla
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Eric Rescorla
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Eric Rescorla
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Juho Vähä-Herttua
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Marsh Ray
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Juho Vähä-Herttua
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Juho Vähä-Herttua
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Kyle Hamilton
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Nikos Mavrogiannopoulos
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Matt DeMoss
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Geoffrey Keating
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Geoffrey Keating
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Michael D'Errico
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Peter Gutmann
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Matt DeMoss
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Geoffrey Keating
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Martin Rex
- Re: [TLS] TLS v1.2 performance (was Re: TLSv1.2 w… Sean Turner
- Re: [TLS] TLSv1.2 with DSA client cert and key si… Martin Rex