Re: [TLS] draft-ietf-tls-tls13-21: Signature algorithms definition discrepancy
David Benjamin <davidben@chromium.org> Wed, 05 July 2017 17:53 UTC
Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E64D4131558 for <tls@ietfa.amsl.com>; Wed, 5 Jul 2017 10:53:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.01
X-Spam-Level:
X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0humu0hGii74 for <tls@ietfa.amsl.com>; Wed, 5 Jul 2017 10:53:48 -0700 (PDT)
Received: from mail-pg0-x233.google.com (mail-pg0-x233.google.com [IPv6:2607:f8b0:400e:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8E13131555 for <tls@ietf.org>; Wed, 5 Jul 2017 10:53:48 -0700 (PDT)
Received: by mail-pg0-x233.google.com with SMTP id j186so127783919pge.2 for <tls@ietf.org>; Wed, 05 Jul 2017 10:53:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oQMOnrXdALuKFSxXDlXBy0wQm+AgWQHkPd08Nw4vluo=; b=DQZfa7jx5aIwh6Nh2/F+ZO4id+FYXcWMyxJEkEYCT4UKCr6lMO2U/rYmasxzcQP4Iq qHLEUISDmHHxOQDgxbWACTkQ1V1LyGKHRhPw3EluIlkvDJz/QTb4vHabN8XUspcgw1PH Xg0UGIV+8wjd4YvwymGiF+rvPxfqCDhtlz8+Y=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oQMOnrXdALuKFSxXDlXBy0wQm+AgWQHkPd08Nw4vluo=; b=PeB7y/EjUCik+GfEsMDya10JUbJHSIBq8BtVNgNdCCFDLsrRrwNNDF3t2oJpFRIzk6 O6dQFy1Bgg96vleWbLfQe25IDteGXYWT3kPWoOcKRpVk8IyIffjGsnJBaJtqVhxHIlKl Ewhb0VsAL+xCPnFIPKTy0Ac151zb9p0VBb+4Q7Q6aQzE3U5lMs53+BK//TA9ffyRtrW+ UAoU2+OaBpPoFcB+KldMIPFpG7IUj4i6rUKvcVrQaeX/WqE4oJbg2btwl5nuVUyOKZMR trhXr63sNqWgapenB+mgpPWQdUPHP/c150nD2AYHPK0W7LnGmwDyMfwfFADdCbMHMRbv TI9A==
X-Gm-Message-State: AIVw110bYkZDQYDrF3PnckcVt83B7aAXDuCGoPFIacZGvQ9A81cTEiza kksjWVsM59NVkHgE+7f9Ex2J76lB2kZL08o=
X-Received: by 10.98.210.199 with SMTP id c190mr21466168pfg.161.1499277228223; Wed, 05 Jul 2017 10:53:48 -0700 (PDT)
MIME-Version: 1.0
References: <B57C3372-71DF-4A4E-AE80-DAEB308C6EB7@akamai.com> <CAF8qwaB2norEb+Bfj6hAXLs+afEUnFwnTH_oSJkNwV4z+KvzCA@mail.gmail.com> <97CEA734-8BDF-42F2-A465-BC271B9F8DC2@akamai.com>
In-Reply-To: <97CEA734-8BDF-42F2-A465-BC271B9F8DC2@akamai.com>
From: David Benjamin <davidben@chromium.org>
Date: Wed, 05 Jul 2017 17:53:36 +0000
Message-ID: <CAF8qwaBUo5g6y6k7qDt0Q=5D3sJaWDDntZuHAsPHCr13hwje9A@mail.gmail.com>
To: "Short, Todd" <tshort@akamai.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="001a11467c069c2917055395ae4c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/j0sV3S8Oip20ZPO5AlvS73MF8UY>
Subject: Re: [TLS] draft-ietf-tls-tls13-21: Signature algorithms definition discrepancy
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2017 17:53:51 -0000
On Wed, Jul 5, 2017 at 1:46 PM Short, Todd <tshort@akamai.com> wrote: > But the maximum value doesn’t have to be listed twice if it’s already part > of a value. > Ah yes, you're right. My bad. I agree that line should not be there either. > So section 11 needs to change... > > -- > -Todd Short > // tshort@akamai.com > // "One if by land, two if by sea, three if by the Internet." > > On Jul 5, 2017, at 1:22 PM, David Benjamin <davidben@chromium.org> wrote: > > 0xFFFF is just the syntax for the maximum value in the enum. > > The intent was to match the HashAlgorithm registry which makes 0xFE and > 0xFF the private use values, so I would say the enum is correct and the > IANA considerations text is wrong. This ensures we don't collide with any > existing TLS 1.2 private use allocations. > > On Wed, Jul 5, 2017 at 1:05 PM Short, Todd <tshort@akamai.com> wrote: > >> In section 4.2.3 the definitions oaf the signature scheme are thus: >> >> enum { >> >> ... >> /* Reserved Code Points */ >> private_use(0xFE00..0xFFFF), >> (0xFFFF) >> >> } SignatureScheme; >> >> >> This indicates that if the first byte is 254 (0xFE) or 255 (0xFF), that >> is is for private use. However, in section 11, a new registry is defined >> for signature schemes: >> >> - TLS SignatureScheme Registry: Values with the first byte in the >> range 0-254 (decimal) are assigned via Specification Required >> [RFC5226 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5226&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=l109_N0_O2jfQhrTMmDXBVcEfjnnS_cNjtZ-QUzNtTY&s=5sk_b3-vIekmFErj0rRi5Gpm-jPXdqdlgGI7xYAILh4&e=>]. Values with the first byte 255 (decimal) are reserved >> for Private Use [RFC5226 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5226&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=l109_N0_O2jfQhrTMmDXBVcEfjnnS_cNjtZ-QUzNtTY&s=5sk_b3-vIekmFErj0rRi5Gpm-jPXdqdlgGI7xYAILh4&e=>]. >> >> >> Indicates that values with the first byte of 254 are reserved/assigned, >> and that private use is for values with a first byte of 255. >> In addition, the value of 0xFFFF is listed twice in the SignatureScheme >> enumeration. >> >> I can do a PR, but it needs to be decided wether 0xFE is >> reserved/assigned or private_use, and whether 0xFFFF has any special value. >> >> -- >> -Todd Short >> // tshort@akamai.com >> // "One if by land, two if by sea, three if by the Internet." >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tls&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=QBEcQsqoUDdk1Q26CzlzNPPUkKYWIh1LYsiHAwmtRik&m=l109_N0_O2jfQhrTMmDXBVcEfjnnS_cNjtZ-QUzNtTY&s=EAWqDhMCo32S6c4de6RPEdpj7p-tif1Wz-ZbwHQRRaY&e=> >> > >
- [TLS] draft-ietf-tls-tls13-21: Signature algorith… Short, Todd
- Re: [TLS] draft-ietf-tls-tls13-21: Signature algo… David Benjamin
- Re: [TLS] draft-ietf-tls-tls13-21: Signature algo… Short, Todd
- Re: [TLS] draft-ietf-tls-tls13-21: Signature algo… David Benjamin
- Re: [TLS] draft-ietf-tls-tls13-21: Signature algo… Short, Todd