Re: [TLS] Deprecated signature algorithms in RFC8446

"Martin Thomson" <mt@lowentropy.net> Sun, 05 May 2019 23:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/WkZwQXfHb20ofFhXPQcoatJFJf0>

Thanks for noticing that, Tobias.  I've opened an erratum, but am still waiting for the RFC editor's email confirming it.  I'll pass that along when that comes through.

(This is the result of a bug in NSS, so in case you are interested: https://bugzilla.mozilla.org/show_bug.cgi?id=1549225)

On Sat, May 4, 2019, at 01:35, Tobias Reiher wrote:
> Hi,
> 
> the example handshake traces for TLS 1.3 (RFC8448) seem not to fully
> comply with the TLS 1.3 standard (RFC8446).
> 
> RFC8446 in 4.2.3. says that an implementation must not offer deprecated
> algorithms in the signature algorithms extension:
> 
> "In TLS 1.2, the extension contained hash/signature pairs.  The
> pairs are encoded in two octets, so SignatureScheme values have
> been allocated to align with TLS 1.2's encoding.  Some legacy
> pairs are left unallocated.  These algorithms are deprecated as of
> TLS 1.3.  They MUST NOT be offered or negotiated by any
> implementation.  In particular, MD5 [SLOTH], SHA-224, and DSA
> MUST NOT be used."
> 
> RFC8448 shows in 3. an example with a ClientHello message containing a
> signature algorithms extension with the deprecated algorithms 0x0402,
> 0x0502, 0x0602, and 0x0202, which all refer to the DSA algorithm, which
> must not be used with TLS 1.3.
> 
> Best regards,
> 
> Tobias Reiher
> 
> -- 
> Componolit GmbH · Königsbrücker Straße 124 · 01099 Dresden · Germany
> Amtsgericht Dresden · HRB 36670 · Sitz Dresden
> Geschäftsführer: Alexander Senier · USt-IdNr. (EU VATIN): DE312113634
> 
> http://componolit.com · @Componolit
> 
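As an added illustration (not code from this thread, from NSS or from RFC 8448), here is a parser for the signature_algorithms extension body that flags the legacy hash/signature pairs RFC 8446 Section 4.2.3 says MUST NOT be offered (MD5, SHA-224, DSA). The sample bytes are constructed to contain the four DSA code points Tobias cites alongside allocated TLS 1.3 schemes; they are not the RFC 8448 trace itself.

```python
import struct

# SignatureScheme values allocated by RFC 8446, Section 4.2.3 (subset).
# 0x0201/0x0203 are allocated but legacy: allowed only for certificate signatures.
KNOWN_SCHEMES = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512", 0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448", 0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
}
# Legacy TLS 1.2 encoding: high byte = HashAlgorithm, low byte = SignatureAlgorithm.
LEGACY_HASH = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
LEGACY_SIG = {1: "rsa", 2: "dsa", 3: "ecdsa"}

def parse_signature_algorithms(body: bytes) -> list:
    """Parse extension_data: uint16 list length followed by 2-byte SignatureScheme values."""
    if len(body) < 2:
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack("!H", body[:2])
    if n % 2 or 2 + n != len(body):
        raise ValueError(f"bad list length {n} for body of {len(body)} bytes")
    return list(struct.unpack(f"!{n // 2}H", body[2:]))

def classify(scheme: int):
    """Return (name, deprecated). Deprecated = unallocated legacy pair using MD5, SHA-224 or DSA."""
    if scheme in KNOWN_SCHEMES:
        return KNOWN_SCHEMES[scheme], False
    hash_id, sig_id = scheme >> 8, scheme & 0xFF
    if hash_id in LEGACY_HASH and sig_id in LEGACY_SIG:
        deprecated = hash_id in (1, 3) or sig_id == 2
        return f"{LEGACY_SIG[sig_id]}_{LEGACY_HASH[hash_id]}", deprecated
    return f"unknown(0x{scheme:04x})", False  # private-use or unassigned: not judged here

def deprecated_schemes(body: bytes) -> list:
    """List every offered scheme that RFC 8446 4.2.3 forbids, as '0xNNNN (name)'."""
    return [f"0x{s:04x} ({classify(s)[0]})" for s in parse_signature_algorithms(body)
            if classify(s)[1]]

# Constructed sample: 15 schemes (0x1e bytes), ending with the four DSA pairs from the thread.
SAMPLE = bytes.fromhex("001e" + "0403050306030203080408050806040105010601"
                       "02010402050206020202")

if __name__ == "__main__":
    for entry in deprecated_schemes(SAMPLE):
        print("MUST NOT be offered:", entry)
```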