Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 03 December 2014 07:40 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC9761A00F8 for <tls@ietfa.amsl.com>; Tue, 2 Dec 2014 23:40:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QQP1F6ZLH1TZ for <tls@ietfa.amsl.com>; Tue, 2 Dec 2014 23:40:39 -0800 (PST)
Received: from mx2.auckland.ac.nz (mx2.auckland.ac.nz [130.216.125.245]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C8B71A00F5 for <tls@ietf.org>; Tue, 2 Dec 2014 23:40:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=uoa; t=1417592440; x=1449128440; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=uTEqzvAokBP1Z7+ZupffdZ1BdgWgcL68vFQOxKT07/E=; b=KgIuheYPdinxryTn4SwymnxOYr5Zk9sKCwOHTWGaBCU4UW6tfLhkEZlo NM5EPIic882Yz4rmEIDVlyRt9a5Epoj/M+2TybNFdqm72SQjcGQq3uP97 1Zmt3o0dtTjBW7vGfxEG2i4khnPepCmCHXjGMKavMQuAn8tkRJDq6ByPT M=;
X-IronPort-AV: E=Sophos;i="5.04,630,1406548800"; d="scan'208";a="294589325"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 130.216.4.171 - Outgoing - Outgoing
Received: from uxchange10-fe4.uoa.auckland.ac.nz ([130.216.4.171]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 03 Dec 2014 20:40:38 +1300
Received: from UXCN10-TDC05.UoA.auckland.ac.nz ([169.254.9.139]) by uxchange10-fe4.UoA.auckland.ac.nz ([169.254.109.63]) with mapi id 14.03.0174.001; Wed, 3 Dec 2014 20:40:37 +1300
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] WG adoption: draft-nir-tls-rfc4492bis
Thread-Index: AdAOzG2PjhCBXx9VT5OuSUfiLwTLiQ==
Date: Wed, 03 Dec 2014 07:40:36 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9F9C96@uxcn10-tdc05.UoA.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/WjpY2H63i7xaWa7QeYOdfxsC4H0
Subject: Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Dec 2014 07:40:43 -0000
Stephen Checkoway <s@pahtak.org> writes: >That seems wrong. In practice, a client connects and says I'm willing to >communicate using protocol parameters X, Y, and Z. If the server can't >accommodate the client, it closes the connection. How is the signature >algorithm any different from the cipher suite in this respect? TLS conflates the algorithms used with TLS with the algorithms used for certificates. As others have pointed out, a server has control over the algorithms used for TLS, but no control over what's used in certificates. Those are dictated by the CA. So it's OK for the client to say "I would like one of the above for TLS", but it has no business saying "I expect your CA, and every CA above it up to the root, to also use the algorithm(s) I've asked for". Peter.
- [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Nikos Mavrogiannopoulos
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Ryan Sleevi
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Ilari Liusvaara
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Jeffrey Walton
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex