[TLS] [Errata Rejected] RFC5246 (5535)
RFC Errata System <rfc-editor@rfc-editor.org> Sat, 27 October 2018 23:17 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F8A0130E0A; Sat, 27 Oct 2018 16:17:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BQ7Z1Z2Rfd0e; Sat, 27 Oct 2018 16:17:04 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6414E126F72; Sat, 27 Oct 2018 16:17:04 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 6F37AB80194; Sat, 27 Oct 2018 16:16:59 -0700 (PDT)
To: dave_thompson_2@comcast.net, tim@dierks.org, ekr@rtfm.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: kaduk@mit.edu, iesg@ietf.org, tls@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20181027231659.6F37AB80194@rfc-editor.org>
Date: Sat, 27 Oct 2018 16:16:59 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/TTFLNxLQzqtcj01XSzZ6738NOvQ>
Subject: [TLS] [Errata Rejected] RFC5246 (5535)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Oct 2018 23:17:09 -0000
The following errata report has been rejected for RFC5246, "The Transport Layer Security (TLS) Protocol Version 1.2". -------------------------------------- You may review the report below and at: http://www.rfc-editor.org/errata/eid5535 -------------------------------------- Status: Rejected Type: Technical Reported by: Dave Thompson <dave_thompson_2@comcast.net> Date Reported: 2018-10-19 Rejected by: Benjamin Kaduk (IESG) Section: 4.7 Original Text ------------- In DSA, the 20 bytes of the SHA-1 hash are run directly through the Digital Signing Algorithm with no additional hashing. ... Corrected Text -------------- In DSA, the bytes of the selected hash are run directly through the Digital Signing Algorithm with no additional hashing. ... Notes ----- In 2246 and 4346 this statement (then using the less-accurate spellings DSS and SHA) was correct because only SHA1 was used for DSA (and ECDSA, in 4492, versus SHA1+MD5 for RSA), but 5246 changed this to allow specifying one of several hashes, with selection constrained by the signature_algorithms extension (if present) or CertificateRequest field from the peer. FIPS 186 actually defines the hashing step as part of signature generation and verification, so it might be even better to make this something like "For DSA, signature generation applies the selected hash [to the contents] and then computes two values, r and s." similar to the way the preceding paragraph of 5246 "In RSA signing" differs from the 2246 and 4346 versions by no longer treating the hashing as separate, but that is a bigger change to an obsoleted document, and arguably problematic because the normative reference is FIPS 186-2; as indicated in Appendix B on page 80, 186-3 which officially allowed DSA to use FIPS 180-3 hashes (not only SHA-1) was released in draft before 5246 but not finalized until after (2006-03 to 2009-06 versus 2008-08). --VERIFIER NOTES-- As described in the reported Notes, at the time of publication, the DSA specification in force only allowed for the usage of SHA-1. So the document was correct at time of publication and an errata is not appropriate, even though subsequent events have allowed for the usage of a broader set of hash algorithms with DSA. -------------------------------------- RFC5246 (draft-ietf-tls-rfc4346-bis-10) -------------------------------------- Title : The Transport Layer Security (TLS) Protocol Version 1.2 Publication Date : August 2008 Author(s) : T. Dierks, E. Rescorla Category : PROPOSED STANDARD Source : Transport Layer Security Area : Security Stream : IETF Verifying Party : IESG
- [TLS] [Errata Rejected] RFC5246 (5535) RFC Errata System