Re: [TLS] Mail regarding draft-ietf-tls-rfc4346-bis
Hubert Kario <hkario@redhat.com> Fri, 22 March 2019 11:42 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E02CC12426E for <tls@ietfa.amsl.com>; Fri, 22 Mar 2019 04:42:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B88KA07ekwUd for <tls@ietfa.amsl.com>; Fri, 22 Mar 2019 04:42:14 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FAF91200D7 for <tls@ietf.org>; Fri, 22 Mar 2019 04:42:14 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id ACA9231688E3; Fri, 22 Mar 2019 11:42:13 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (unknown [10.43.21.83]) by smtp.corp.redhat.com (Postfix) with ESMTP id E986C19C59; Fri, 22 Mar 2019 11:42:12 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Cc: Urmas Vanem <urmas.vanem@octox.eu>
Date: Fri, 22 Mar 2019 12:42:05 +0100
Message-ID: <26335753.z3l0WScG8P@pintsize.usersys.redhat.com>
In-Reply-To: <VI1PR0101MB2336F08960C01C00F628D1E58C420@VI1PR0101MB2336.eurprd01.prod.exchangelabs.com>
References: <VI1PR0101MB2336F08960C01C00F628D1E58C420@VI1PR0101MB2336.eurprd01.prod.exchangelabs.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1654796.KTl0pNcuXd"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]); Fri, 22 Mar 2019 11:42:13 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Zt_60IOmVO8kbhHOiPpCCCkwsY4>
Subject: Re: [TLS] Mail regarding draft-ietf-tls-rfc4346-bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2019 11:42:17 -0000
On Thursday, 21 March 2019 12:16:08 CET Urmas Vanem wrote: > Hi! > > I try to find authoritative explanation for some aspects in RFC 5246 (TLS > 1..2). I hope this is right place to ask. > > Background: Company A has client/browser and company B has web server. > Server has certificate and it also requires certificate from client. Client > do not advertise signature_algorithm ECDSA/SHA512 in its client hello. > Server supports signature_algorithm ECDSA/SHA512 by default, but it does > not send it to client with certificate request message because it is not > advertised in client hello! (Communication fails.) > > > * Company B says that this is correct implementation for RFC 5246 - only > common signature algorithms for both parties must be included in > signature_algorithms extension in certificate request message! no, that's not correct interpretation of RFC 5246, signature_algorithms advertised in ClientHello and in CertificateRequest are independent. In the description of Signature Algorithms extension, section 7.4.1.4.1, the algorithms are what the _client_ is willing to _verify_: Each SignatureAndHashAlgorithm value lists a single hash/signature pair that the client is willing to verify. Formally, client does not verify its own signatures. No part of Section 7.4.4. states that the CertificateRequest.supported_signature_algorithms must be a subset of the values advertised in signature_algorithms extension from ClientHello. Again in Section 7.4.8. it is stated that the signature algorithm used must have been present in CertificateRequest.supported_signature_algorithms. There is no mention of signature_algorithms from ClientHello. > * Company > A says that in correct implementation of RFC 5246 all signature_algorithms > supported by server must be included in certificate request message (and > client hello has nothing to do with certificate request message)! -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
- [TLS] Mail regarding draft-ietf-tls-rfc4346-bis Urmas Vanem
- Re: [TLS] Mail regarding draft-ietf-tls-rfc4346-b… Eric Rescorla
- Re: [TLS] Mail regarding draft-ietf-tls-rfc4346-b… Hubert Kario