Re: [TLS] Simplifying signature algorithm negotiation

David Benjamin <davidben@chromium.org> Sat, 16 January 2016 01:19 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B0091B34D2 for <tls@ietfa.amsl.com>; Fri, 15 Jan 2016 17:19:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TICA74TveMJh for <tls@ietfa.amsl.com>; Fri, 15 Jan 2016 17:19:51 -0800 (PST)
Received: from mail-ig0-x22c.google.com (mail-ig0-x22c.google.com [IPv6:2607:f8b0:4001:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5A701B2B45 for <tls@ietf.org>; Fri, 15 Jan 2016 17:19:50 -0800 (PST)
Received: by mail-ig0-x22c.google.com with SMTP id ik10so24515542igb.1 for <tls@ietf.org>; Fri, 15 Jan 2016 17:19:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-type; bh=I7bZQokv1sZLcM4+FS6nbwAI4reL1+Oj4Kirn+ZV93c=; b=VW2dAVSpWy5OMq0zwrxWiz5NLBstJA6fnOfZXFH0msclvRdKuB5eIFO1r8K1lkAdRu vosnE+9lmKUhKuDRHDeSRN3AIdUOmSWnmDE0AeGKPugX9Fk5H2Fd20HYCb4qIuzjbY9B zrWGjOZEE/yuExxCtdhZgE7YZLtE7oRCmX//M=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-type; bh=I7bZQokv1sZLcM4+FS6nbwAI4reL1+Oj4Kirn+ZV93c=; b=Sxb/tn2KneAMpoMw44frCqwiUxyZqZ2RUlctmW9B0gkrG7dM+J1yySewpYFvCiz5FG a7YMNneag4V/tm6XzaD+tyOQxAdhRjaDXBjo7QZkeG29laF1Fb8PykLGlQAu9GCzEGvq VQ+YmPlCI+voILk2n0J0zuB/iwJvFhZYx7yx2g3kgmOe7LegwVdcYr2BiPsFgOutbda0 60VMvS+3gCics2yNs9RiCDWwlAAV3tq7lw3lMcEmXBpA+fL0Xrbr8rZAeLkF5jUHJ0TV A4wddAlGWZJlfN3Yv58LTRcVHJBCYv4SDF5zNwOqaCDKcJ1jqE2vz9TR0uQineliY4rh 3BsQ==
X-Gm-Message-State: AG10YOSAYKFrER7KSQvmZHRJa1wTPHY5LNFOPILspbPnYowjQF+izPgDcOo79fNcuCPiVaZFIihIHaIEd/LF70Oe
X-Received: by 10.50.79.196 with SMTP id l4mr1402348igx.11.1452907190256; Fri, 15 Jan 2016 17:19:50 -0800 (PST)
MIME-Version: 1.0
References: <CAF8qwaCpYqs7ELDcRzXveLLjpL+d-CmBczkxPweh6_RVE1aDeA@mail.gmail.com> <201601152007.12464.davemgarrett@gmail.com>
In-Reply-To: <201601152007.12464.davemgarrett@gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Sat, 16 Jan 2016 01:19:40 +0000
Message-ID: <CAF8qwaBPsLz-vuOvXGZgxzMpaKHwtZixu7NXzfFN4V_R6WT8Tg@mail.gmail.com>
To: Dave Garrett <davemgarrett@gmail.com>
Content-Type: multipart/alternative; boundary=089e01183f48f7d2840529695081
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/U-l1_F2udZyQfWGRYl1k1gC-PMA>
Cc: ekr <notifications@github.com>, tls@ietf.org
Subject: Re: [TLS] Simplifying signature algorithm negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Jan 2016 01:19:52 -0000

On Fri, Jan 15, 2016 at 8:07 PM Dave Garrett <davemgarrett@gmail.com>; wrote:

> On Friday, January 15, 2016 03:45:34 pm David Benjamin wrote:
> > This is a proposal for revising SignatureAlgorithm/HashAlgorithm. In TLS
> > 1.2, signature algorithms are spread across the handshake.
> [...]
> > I propose we fold the negotiable parameters under one name.
> [...]
> > 2. Remove HashAlgorithm, SignatureAlgorithm, SignatureAndHashAlgorithm as
> > they are. Introduce a new SignatureAlgorithm u16 type and negotiate that
> > instead.
>
> I previously proposed this here:
> https://www.ietf.org/mail-archive/web/tls/current/msg18035.html
>
> ekr was against it, though it hasn't been discussed that throughly.
> https://www.ietf.org/mail-archive/web/tls/current/msg18036.html


Ah, thanks! I must have missed this discussion. Or perhaps I saw it and
forgot.

ekr, are you still against this sort of thing? I think the new CFRG
signature algorithms tying decisions together is a good argument for why
we'd want this. If we believe this trend is to continue (and I hope it
does. Ed25519 is a nice and simple interface), trying to decompose it all
seems poor.

David