[TLS] Adding a new signature scheme
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Fri, 07 August 2015 05:40 UTC
Date: Fri, 07 Aug 2015 08:39:56 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: tls@ietf.org
Message-ID: <20150807053956.GA5394@LK-Perkele-VII>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ZikDSZdh3pEi3ISWgXT-OzNoBRc>
Subject: [TLS] Adding a new signature scheme
This is about adding a new signature primitive (such as the (eventual)
CFRG scheme). There are basically two issues:

1) Do we allocate new ciphersuite codepoints or not?

So far each certificate algorithm in ciphersuite has corresponded to
only one signature algorithm.

Implications of new codepoints:
- More ciphersuites (about 11).
- Needs TLS 1.2+ anyway, because the ciphers are presumably AEAD mode
  and those need TLS 1.2+.
- Keep existing semantics.

Implication of reusing ECDSA codepoints:
- No new ciphersuites.
- Needs TLS 1.2+.
- Redefines existing semantics a bit.

2) What does the SignatureAndHashAlgorithm.hash mean exactly?

The TLS 1.2 RFC isn't specific enough. I see two choices:

a) The field sets hash (prehash) to perform before passing the hash to
   be signed (the description of "none" and description of Certificate
   Verify message hint at this interpretation).
b) The field parameterizes the signature scheme in some scheme-specific
   way (but what would "none" mean in context of this, the scheme having
   no hash parameters?).

All the existing schemes are compatible with interpretation a). But for
proposals for CFRG scheme: All proposed schemes have a hash parameter
(the only one or one of two) that is incompatible with interpretation a):

1) Only one hash that does not prehash the message.
2) Two hash functions, one prehash (can be identity) and one internal
   hash. Prehash can be chosen per-signature.
3) Two hash functions, one prehash (can be identity) and one internal
   hash. Prehash is not indicated, so one has to be careful changing it.

So if interpretation a) is the correct one, one presumably has to fix
the internal hash in signature scheme codepoint (E.g. to SHA-512 for
signature scheme #4).

-Ilari
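The following is an added example, not part of Ilari's post: it parses the TLS 1.2 signature_algorithms extension body (the list of SignatureAndHashAlgorithm pairs) and works out what interpretation a) implies for the bytes a scheme is actually asked to sign. The HashAlgorithm and SignatureAlgorithm values are the RFC 5246 registry values; the CFRG-style scheme codepoint, its fixed SHA-512 internal hash and the sample extension body are constructed placeholders, since the post names no codepoint.

```python
import hashlib
import struct

# RFC 5246 section 7.4.1.4.1 registries (real values).
HASH_ALGS = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
             4: "sha256", 5: "sha384", 6: "sha512"}
SIG_ALGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# Constructed placeholder: a hypothetical codepoint for a CFRG-style scheme
# whose internal hash is fixed in the codepoint (SHA-512, as the post suggests).
SIG_CFRG_PLACEHOLDER = 0xEE
SIG_ALGS[SIG_CFRG_PLACEHOLDER] = "cfrg-placeholder"
INTERNAL_HASH = {SIG_CFRG_PLACEHOLDER: "sha512"}

def parse_signature_algorithms(body: bytes) -> list:
    """Decode supported_signature_algorithms<2..2^16-2>: a 2-byte length
    followed by (HashAlgorithm, SignatureAlgorithm) byte pairs."""
    if len(body) < 2:
        raise ValueError("truncated signature_algorithms body")
    (length,) = struct.unpack("!H", body[:2])
    if length < 2 or length % 2 or len(body) != 2 + length:
        raise ValueError("malformed signature_algorithms body")
    pairs = body[2:]
    return [(HASH_ALGS.get(pairs[i], f"unknown({pairs[i]})"),
             SIG_ALGS.get(pairs[i + 1], f"unknown({pairs[i + 1]})"))
            for i in range(0, length, 2)]

def scheme_input(message: bytes, hash_name: str, sig_code: int) -> dict:
    """Interpretation a): the hash field is a prehash applied to the message
    before the scheme sees it; 'none' is the identity prehash. The scheme's
    own internal hash (if any) is fixed by the codepoint, not by this field."""
    if hash_name == "none":
        prehashed = message
    else:
        prehashed = hashlib.new(hash_name, message).digest()
    return {"prehash": hash_name,
            "internal_hash": INTERNAL_HASH.get(sig_code),
            "to_be_signed": prehashed}

# Constructed sample extension body: sha256/ecdsa, sha512/rsa, none/placeholder.
SAMPLE_BODY = b"\x00\x06" + bytes([4, 3, 6, 1, 0, SIG_CFRG_PLACEHOLDER])

if __name__ == "__main__":
    for hash_name, sig_name in parse_signature_algorithms(SAMPLE_BODY):
        print(hash_name, sig_name)
```

Note that under interpretation a) the pair (none, cfrg-placeholder) hands the raw message to the scheme while its internal hash stays SHA-512, which is exactly the ambiguity the post says the TLS 1.2 text leaves open.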