IETF Logo Mail Archive

Re: [TLS] draft-ietf-tls-tls13-21: Signature algorithms definition discrepancy

"Short, Todd" <tshort@akamai.com> Wed, 05 July 2017 17:55 UTC

Return-Path: <tshort@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0C78131D98 for <tls@ietfa.amsl.com>; Wed, 5 Jul 2017 10:55:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.01
X-Spam-Level:
X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DsN1slcW9qy7 for <tls@ietfa.amsl.com>; Wed, 5 Jul 2017 10:55:29 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CA03131445 for <tls@ietf.org>; Wed, 5 Jul 2017 10:55:29 -0700 (PDT)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.16.0.21/8.16.0.21) with SMTP id v65HrYjP000751; Wed, 5 Jul 2017 18:55:24 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=yEc7mXBmb2dEslfoWY2Dxw3pbDzXDcijLo3NX3kaA1M=; b=GAfPZz/pjn+uHKjx/K+o/uFKZeMBGN9YdSbUdNsUFONrHJobW8bjGCeSPLQ13WoPfmlq MJhDsyv/qlcUMV005VelHteLasYQ2KIQYpAu/0xmBKer5wA4/2uBeLNF4AETKgkVP1J/ /SAKZQDWYjMvQAL3iefr4BDGcpB5pF7fdFPRqSQUNU+/e9npCSHLjj0Nybr9WsotvjmU anaT2WhEWMeU6wyTFGx6bXhwn1q1PUYXLcmaS+wjrrPMTsaKFkgq/NV/OcPZUiDHjuH6 U9+y0V2zEKD+HyBfeWsnX7G/UjeC6fwVW6MPXnpUQSGOYEYZhzVDdnAgkZvfJes8gf2x JA==
Received: from prod-mail-ppoint2 (a184-51-33-19.deploy.static.akamaitechnologies.com [184.51.33.19] (may be forged)) by m0050096.ppops.net-00190b01. with ESMTP id 2bgaw06q95-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 05 Jul 2017 18:55:24 +0100
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.17/8.16.0.17) with SMTP id v65HobAF014970; Wed, 5 Jul 2017 13:55:23 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.30]) by prod-mail-ppoint2.akamai.com with ESMTP id 2be72uad5k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 05 Jul 2017 13:55:23 -0400
Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com (172.27.123.105) by usma1ex-dag1mb4.msg.corp.akamai.com (172.27.123.104) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 5 Jul 2017 13:55:22 -0400
Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com ([172.27.123.105]) by usma1ex-dag1mb5.msg.corp.akamai.com ([172.27.123.105]) with mapi id 15.00.1263.000; Wed, 5 Jul 2017 13:55:22 -0400
From: "Short, Todd" <tshort@akamai.com>
To: David Benjamin <davidben@chromium.org>
CC: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: [TLS] draft-ietf-tls-tls13-21: Signature algorithms definition discrepancy
Thread-Index: AQHS9bDj0lkJXZ4/9kWdg6uG2Gs8UaJFvjOAgAAGVwCAAAJiAP//vXAA
Date: Wed, 05 Jul 2017 17:55:22 +0000
Message-ID: <EB35E478-4AB8-40BA-A9DA-03344DFA9616@akamai.com>
References: <B57C3372-71DF-4A4E-AE80-DAEB308C6EB7@akamai.com> <CAF8qwaB2norEb+Bfj6hAXLs+afEUnFwnTH_oSJkNwV4z+KvzCA@mail.gmail.com> <97CEA734-8BDF-42F2-A465-BC271B9F8DC2@akamai.com> <CAF8qwaBUo5g6y6k7qDt0Q=5D3sJaWDDntZuHAsPHCr13hwje9A@mail.gmail.com>
In-Reply-To: <CAF8qwaBUo5g6y6k7qDt0Q=5D3sJaWDDntZuHAsPHCr13hwje9A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.23.0.170610
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.35.117]
Content-Type: multipart/alternative; boundary="_000_EB35E4784AB840BAA9DA03344DFA9616akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-05_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1707050300
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-07-05_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1707050301
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/X_2KEBtqZQWoEZTjfS4Q6dGo5k8>
Subject: Re: [TLS] draft-ietf-tls-tls13-21: Signature algorithms definition discrepancy
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2017 17:55:32 -0000

That wasn’t important enough for to create a PR.

I did create PR 1044 to reconcile S4.2.3 and S11.

--
-Todd Short
// tshort@akamai.com
// "One if by land, two if by sea, three if by the Internet."


From: David Benjamin <davidben@chromium.org>
Date: Wednesday, July 5, 2017 at 1:53 PM
To: "Short, Todd" <tshort@akamai.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-tls13-21: Signature algorithms definition discrepancy

On Wed, Jul 5, 2017 at 1:46 PM Short, Todd <tshort@akamai.com<mailto:tshort@akamai.com>> wrote:
But the maximum value doesn’t have to be listed twice if it’s already part of a value.

Ah yes, you're right. My bad. I agree that line should not be there either.

So section 11 needs to change...

--
-Todd Short
// tshort@akamai.com<mailto:tshort@akamai.com>
// "One if by land, two if by sea, three if by the Internet."

On Jul 5, 2017, at 1:22 PM, David Benjamin <davidben@chromium.org<mailto:davidben@chromium.org>> wrote:

0xFFFF is just the syntax for the maximum value in the enum.

The intent was to match the HashAlgorithm registry which makes 0xFE and 0xFF the private use values, so I would say the enum is correct and the IANA considerations text is wrong. This ensures we don't collide with any existing TLS 1.2 private use allocations.

On Wed, Jul 5, 2017 at 1:05 PM Short, Todd <tshort@akamai.com<mailto:tshort@akamai.com>> wrote:
In section 4.2.3 the definitions oaf the signature scheme are thus:


enum {

    ...

    /* Reserved Code Points */

    private_use(0xFE00..0xFFFF),

    (0xFFFF)

} SignatureScheme;


This indicates that if the first byte is 254 (0xFE) or 255 (0xFF), that is is for private use. However, in section 11, a new registry is defined for signature schemes:


-  TLS SignatureScheme Registry: Values with the first byte in the

   range 0-254 (decimal) are assigned via Specification Required

   [RFC5226<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5226&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=l109_N0_O2jfQhrTMmDXBVcEfjnnS_cNjtZ-QUzNtTY&s=5sk_b3-vIekmFErj0rRi5Gpm-jPXdqdlgGI7xYAILh4&e=>].  Values with the first byte 255 (decimal) are reserved

   for Private Use [RFC5226<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5226&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=l109_N0_O2jfQhrTMmDXBVcEfjnnS_cNjtZ-QUzNtTY&s=5sk_b3-vIekmFErj0rRi5Gpm-jPXdqdlgGI7xYAILh4&e=>].

Indicates that values with the first byte of 254 are reserved/assigned, and that private use is for values with a first byte of 255.
In addition, the value of 0xFFFF is listed twice in the SignatureScheme enumeration.

I can do a PR, but it needs to be decided wether 0xFE is reserved/assigned or private_use, and whether 0xFFFF has any special value.

--
-Todd Short
// tshort@akamai.com<mailto:tshort@akamai.com>
// "One if by land, two if by sea, three if by the Internet."

_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=l109_N0_O2jfQhrTMmDXBVcEfjnnS_cNjtZ-QUzNtTY&s=EAWqDhMCo32S6c4de6RPEdpj7p-tif1Wz-ZbwHQRRaY&e=>

v2.23.0 | Report a Bug | By Email