IETF Logo Mail Archive

Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis

"Ryan Sleevi" <ryan-ietftls@sleevi.com> Mon, 01 December 2014 08:56 UTC

Return-Path: <ryan-ietftls@sleevi.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA6DE1A1A09 for <tls@ietfa.amsl.com>; Mon, 1 Dec 2014 00:56:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.266
X-Spam-Level:
X-Spam-Status: No, score=-0.266 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rzx7MqS92uDe for <tls@ietfa.amsl.com>; Mon, 1 Dec 2014 00:56:39 -0800 (PST)
Received: from homiemail-a90.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id EFC7A1A1A13 for <tls@ietf.org>; Mon, 1 Dec 2014 00:56:38 -0800 (PST)
Received: from homiemail-a90.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a90.g.dreamhost.com (Postfix) with ESMTP id AF0292AC06A; Mon, 1 Dec 2014 00:56:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=message-id :in-reply-to:references:date:subject:from:to:cc:reply-to :mime-version:content-type:content-transfer-encoding; s= sleevi.com; bh=WUdDd6OlI9kjWb3CboDnZ8swBDQ=; b=srXbdIBjq26LFco77 MpDfGueW/eqVE+UbXOVXDwPJtgqcqfXqdLQ9V84d/sedD39bczdkczQPhVFo2Xlm HCwNUqoB8XKVWJLy03wdP/Uy5QCXaYsdwsRE8kuQH6TH96oVRgB22SlBpjviAkr1 8WitDzudXcVkPQpfOZwcqSZ/fo=
Received: from webmail.dreamhost.com (caiajhbihbdd.dreamhost.com [208.97.187.133]) (Authenticated sender: ryan@sleevi.com) by homiemail-a90.g.dreamhost.com (Postfix) with ESMTPA id 729BE2AC059; Mon, 1 Dec 2014 00:56:38 -0800 (PST)
Received: from 74.125.57.49 (proxying for 74.125.57.49) (SquirrelMail authenticated user ryan@sleevi.com) by webmail.dreamhost.com with HTTP; Mon, 1 Dec 2014 00:56:38 -0800
Message-ID: <6d8b33a4d2ed0a285450e3872bc155e7.squirrel@webmail.dreamhost.com>
In-Reply-To: <CABkgnnV4JUoS3jV_vp4KV_xX-wdXa4ART7gtMd7BUZMapELRLw@mail.gmail.com>
References: <9A043F3CF02CD34C8E74AC1594475C739B9F7A14@uxcn10-tdc05.UoA.auckland.ac.nz> <9FE323BF-2650-4EA3-9CBB-B46CF3A00298@pahtak.org> <CABkgnnV4JUoS3jV_vp4KV_xX-wdXa4ART7gtMd7BUZMapELRLw@mail.gmail.com>
Date: Mon, 01 Dec 2014 00:56:38 -0800
From: Ryan Sleevi <ryan-ietftls@sleevi.com>
To: Martin Thomson <martin.thomson@gmail.com>
User-Agent: SquirrelMail/1.4.21
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/VRDM1u0p-kqRWtzxxOu8snym6O8
Cc: Stephen Checkoway <s@pahtak.org>, tls@ietf.org
Subject: Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ryan-ietftls@sleevi.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Dec 2014 08:56:41 -0000

On Sun, November 30, 2014 11:17 pm, Martin Thomson wrote:
>  On 30 November 2014 at 13:52, Stephen Checkoway <s@pahtak.org> wrote:
> > How is the signature algorithm any different from the cipher suite in
> > this respect? If the client says it can only do ECDSA, what's the point
> > of giving it an RSA cert that it cannot use?
>
>  I think that the difference is that - at least for most clients - they
>  support both.  Or at least, servers have been able to deploy ECDSA
>  certs that chain to RSA with the expectation that RSA hasn't gone away
>  yet.  And that's relatively new.
>
>  Peter refers to the fact that servers (and CAs) have picked a
>  certificate that works based on what they know of clients, and had
>  just the one.  That single cert is offered unconditionally.  If the
>  client doesn't like it, then it can be responsible for choking on it.
>  CAs could have offered a range of certificates with varying strength
>  and signature algorithms, but one is always easier in every regard.
>
>  Migrating away from mostly RSA might have changed that a little.
>

Plus, there are plenty of libraries where the ciphersuite implementation
is semi-independent of the certificate validation.

Perhaps the largest deployment is Chrome, which uses a separate TLS
library (NSS, BoringSSL) than its PKI validation (OS APIs such as
CryptoAPI, Security.framework, or Android Keychain Services). You can
certainly have skew where the TLS client supports a modern suite of
algorithms, but the underlying platform does not. On Windows XP, this is
the SHA-2 family (pre-SP3) and ECDSA (pre-Vista), and on OS X, some
releases had some buggy ECDSA handling.

There are also a number of embedded TLS stacks that provide the
cryptographic framework for TLS, but then defer to external components (or
hardware) for trust validation.

I just mention these as real world cases where ciphersuites alone are
insufficient (although SignatureAndAlgorithms generally is... except where
it isn't)

v2.23.0 | Report a Bug | By Email