Re: [TLS] DSS with other than SHA-1 algorithms
Nikos Mavrogiannopoulos <nmav@gnutls.org> Thu, 10 February 2011 16:49 UTC
Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D31833A676A for <tls@core3.amsl.com>; Thu, 10 Feb 2011 08:49:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fvo3uVZ0G-Zq for <tls@core3.amsl.com>; Thu, 10 Feb 2011 08:49:34 -0800 (PST)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by core3.amsl.com (Postfix) with ESMTP id 9D0873A659B for <tls@ietf.org>; Thu, 10 Feb 2011 08:49:34 -0800 (PST)
Received: by qyj19 with SMTP id 19so1247395qyj.10 for <tls@ietf.org>; Thu, 10 Feb 2011 08:49:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=cKQC70HmMJKQxIom4NG0eeFsBy9BwaxpKpwJI6kvP6c=; b=EoqSvRlDj17WBq21XoikNIotb1AjYEtkMos/AGcFJirxQ9/32557lEsLN7eaw4X95E FW4JIA7Bl2QtIMBT2V53OQZpslDErA7AgP/FuoMkWVM0j4vcJlhEdUqGuSLWE8mQTCTv vVSe+TBlfnCDcrzqAFVZ0FKG35a7ihzPvM5hk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=IEd9kO+FHekJcX60KJbYexlk73cmOJq8WYDA3oM0EDl3JCyByU1VzilmtExZfZ8LM+ c2AsHbODFPizBdes5eOlCcNofziazlsW5t8O9uKN/3RKpyhcNChpQIeqeIjnn0PREyDM tljnUe3dB8NV8CTTu+Ew1ALMwQPK2utEDi/oA=
MIME-Version: 1.0
Received: by 10.224.11.75 with SMTP id s11mr17388454qas.16.1297356586813; Thu, 10 Feb 2011 08:49:46 -0800 (PST)
Sender: n.mavrogiannopoulos@gmail.com
Received: by 10.229.232.18 with HTTP; Thu, 10 Feb 2011 08:49:46 -0800 (PST)
In-Reply-To: <4D539DC8.9070106@gnutls.org>
References: <4D539DC8.9070106@gnutls.org>
Date: Thu, 10 Feb 2011 17:49:46 +0100
X-Google-Sender-Auth: obctnvzlWt3B2QScreOgqzgW-Ks
Message-ID: <AANLkTinfSAiMOcvQcfg_uGorpDwXfqgGU8FmvZ_P2MzV@mail.gmail.com>
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [TLS] DSS with other than SHA-1 algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Feb 2011 16:49:35 -0000
On Thu, Feb 10, 2011 at 9:11 AM, Nikos Mavrogiannopoulos <nmav@gnutls.org> wrote: > Hello, > According to FIPS-186-3 the DSA algorithm might > be used with hashes other than SHA-1. Moreover > it mentions: > "A hash function that provides a lower security strength than the (L, N) > pair ordinarily should not be used, since this would reduce the > security strength of the digital signature process to a level no greater > than that provided by the hash function." [...] > For TLS 1.2 I suppose that the hash being negotiated > by the signature algorithm extension will be used, > and if it is larger than N, then it will be truncated. I've tried to clarify a bit the issues and make a "best current practice text": http://homes.esat.kuleuven.be/~nikos/draft-mavrogiannopoulos-tls-dss.txt Does this clarification match with what other implementations have done in supporting DSA? (in gnutls for example we didn't truncate the hash, if a larger hash was available to be selected, but rather use the next available...), Would be better if truncation be avoided at all? regards, Nikos
- [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Dr Stephen Henson
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Hovav Shacham
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Simon Josefsson
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Geoffrey Keating
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Daniel Kahn Gillmor
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Jack Lloyd
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Paul Hoffman
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann