Re: [TLS] PR #23 for RFC4492bis

Yoav Nir <ynir.ietf@gmail.com> Mon, 04 July 2016 14:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/VZ0kMUoOocsgZX8o9-I5TT4sIlk>

> On 4 Jul 2016, at 5:06 PM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> 
> On Mon, Jul 04, 2016 at 03:46:00PM +0300, Yoav Nir wrote:
>> Hi
>> 
>> Based on an email exchange with Nikos Mavrogiannopoulos, I’ve submitted a PR.
>> 
>> https://github.com/tlswg/rfc4492bis/pull/23
>> 
>> If there are no objections, I will accept it and submit version -08 this Friday.
> 
> While scanning through, I noticed that the Ed25519 and Ed448 "curves"
> are still there. I think negotiating those should be done the same way
> as in TLS 1.3 (those would then appear as hash=7 signature=3/4 IIRC).

IMO this makes it very complex. TLS 1.3 replaces the old signature_algorithms extension that had pairs of signature algorithm/hash algorithm with one that has 16-bit values.

It changes things for ECDSA as well. We’re not going to change ECDSA in TLS 1.2. So if we wanted to adopt that we would still interpret 0x04,0x03 as ECDSA (with whatever curve) along with SHA-256, while 0x07,0x03 would be Ed25519, not ECDSA with some unknown hash function 0x07.

Seems strange to me, but I’ll make whatever changes the group wants.

Yoav
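
Added example, not part of the original message: a Python sketch that parses a TLS 1.2 signature_algorithms extension body and decodes each two-byte entry both as a strict (hash, signature) pair and under the hybrid reading discussed above, where 0x07,0x03 and 0x07,0x04 are taken as whole values. The hash and signature registries are those of RFC 5246; the Ed25519/Ed448 code points are the ones quoted in this thread, and the function names and sample bytes are constructed for illustration.

```python
import struct

# RFC 5246, section 7.4.1.4.1: TLS 1.2 HashAlgorithm / SignatureAlgorithm.
HASH = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
        4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# Whole 16-bit values as quoted in this thread (hash=7, signature=3/4).
WHOLE = {0x0703: "ed25519", 0x0704: "ed448"}


def parse_signature_algorithms(ext_data: bytes):
    """Return the list of (hash_byte, sig_byte) entries in extension_data."""
    if len(ext_data) < 2:
        raise ValueError("truncated length field")
    (n,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    # The vector is <2..2^16-2> bytes and holds two-byte entries only.
    if n != len(body) or n == 0 or n % 2:
        raise ValueError("bad supported_signature_algorithms length")
    return [(body[i], body[i + 1]) for i in range(0, n, 2)]


def as_pair(h: int, s: int) -> str:
    """Strict TLS 1.2 reading: first byte is a hash, second a signature."""
    sig = SIG.get(s, "sig_%d" % s)
    return sig + "+" + HASH.get(h, "hash_%d" % h)


def as_hybrid(h: int, s: int) -> str:
    """Reading from the thread: match whole values first, then fall back."""
    return WHOLE.get((h << 8) | s) or as_pair(h, s)


# Constructed sample: list length 6, then 0x0403, 0x0703, 0x0704.
SAMPLE = bytes.fromhex("0006" "0403" "0703" "0704")

if __name__ == "__main__":
    for h, s in parse_signature_algorithms(SAMPLE):
        print("0x%02x,0x%02x  pair=%-14s hybrid=%s"
              % (h, s, as_pair(h, s), as_hybrid(h, s)))
```

A strict pair decoder reports 0x07,0x03 as ECDSA with an unknown hash 7, which is the ambiguity the message points out; the hybrid decoder only avoids it by special-casing whole values before splitting the bytes.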