Re: [TLS] TLS 1.2 hash agility
Eric Rescorla <ekr@networkresonance.com> Fri, 14 September 2007 21:59 UTC
Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWJCW-00077w-Th; Fri, 14 Sep 2007 17:59:48 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IWJCU-00077T-Sm for tls@ietf.org; Fri, 14 Sep 2007 17:59:46 -0400
Received: from [209.213.211.195] (helo=delta.rtfm.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IWJCU-0006sx-GH for tls@ietf.org; Fri, 14 Sep 2007 17:59:46 -0400
Received: from delta.rtfm.com (localhost.rtfm.com [127.0.0.1]) by delta.rtfm.com (Postfix) with ESMTP id 0342933C21; Fri, 14 Sep 2007 14:56:10 -0700 (PDT)
Date: Fri, 14 Sep 2007 14:56:10 -0700
From: Eric Rescorla <ekr@networkresonance.com>
To: Pasi.Eronen@nokia.com
Subject: Re: [TLS] TLS 1.2 hash agility
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F24046B2496@esebe105.NOE.Nokia.com>
References: <46ABB82D.8090709@pobox.com> <46ACCCCB.8000201@pobox.com> <B356D8F434D20B40A8CEDAEC305A1F24046B2496@esebe105.NOE.Nokia.com>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20070914215611.0342933C21@delta.rtfm.com>
X-Spam-Score: 0.1 (/)
X-Scan-Signature: c1c65599517f9ac32519d043c37c5336
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
At Thu, 9 Aug 2007 12:34:07 +0300, <Pasi.Eronen@nokia.com> wrote: > > Mike (mike-list@pobox.com) wrote: > > > I think the solution we need is to specifically list each supported > > signature algorithm, e.g. > > > > enum { > > rsa_with_md5(0), rsa_with_sha1(1), > > rsa_with_sha256(2), rsa_with_sha384(3), > > rsa_with_sha512(4), dsa_with_sha1(5), > > (65535) > > }; > > > > These may not be specific enough, as I've seen suggestions for, > > e.g. rsa_pkcs1v1_5_with_sha1, and I've heard that some algorithms > > need parameters, but I think I've made my point. > > I think your suggestion looks good; it seems to handle the DSA and > ECDSA cases better than just a list of hashes, and it's more > in TLS style than sending DER-encoded AlgorithmIdentifiers. > And then we could change Signature structure to > > struct { > SignatureAlgorithm signature_algorithm; > opaque signature_value<0..2^16-1>; > } Signature; > > Eric, what's your opinion? OK, I started trying to wire this into TLS and it's messy. There are three contexts we have to think about: - Certs (from either side) - CertificateVerify - ServerKeyExchange The difficulty is that the latter two already have signals indicating what acceptable signature algorithms are, in the ClientCertificateType, and the ciphersuite respectively. So, we either need to significantly reconstruct those or have duplication of information, with the result that you have to potentially deal with mismatched information, e.g., only offering RSA in the SKE, but offering RSA and DSA in the new value. -Ekr _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] TLS 1.2 Eric Rescorla
- Re: [TLS] TLS 1.2 Steven M. Bellovin
- Re: [TLS] TLS 1.2 Peter Gutmann
- Re: [TLS] TLS 1.2 Steven M. Bellovin
- Re: [TLS] TLS 1.2 Bodo Moeller
- [TLS] TLS 1.2 Mike
- [TLS] TLS 1.2 Mike
- [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 Mike
- [TLS] TLS 1.2 MAC calculation Mike
- Antwort: [TLS] TLS 1.2 MAC calculation Axel.Heider
- Re: Antwort: [TLS] TLS 1.2 MAC calculation Bodo Moeller
- Re: [TLS] TLS 1.2 interoperating Mike
- RE: [TLS] TLS 1.2 hash agility Pasi.Eronen
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- RE: [TLS] TLS 1.2 hash agility Pasi.Eronen
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Mike
- RE: [TLS] TLS 1.2 hash agility Pasi.Eronen
- RE: [TLS] TLS 1.2 hash agility Pasi.Eronen
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Mike
- Re: [TLS] TLS 1.2 hash agility Eric Rescorla
- RE: [TLS] TLS 1.2 hash agility Russ Housley
- RE: [TLS] TLS 1.2 hash agility Pasi.Eronen
- RE: [TLS] TLS 1.2 hash agility Pasi.Eronen