IETF Logo Mail Archive

Re: [TLS] DSS with other than SHA-1 algorithms

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 24 April 2011 05:24 UTC

Return-Path: <pgut001@login01.cs.auckland.ac.nz>
X-Original-To: tls@ietfc.amsl.com
Delivered-To: tls@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id F11BBE06F9 for <tls@ietfc.amsl.com>; Sat, 23 Apr 2011 22:24:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.538
X-Spam-Level:
X-Spam-Status: No, score=-3.538 tagged_above=-999 required=5 tests=[AWL=0.061, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7EsVxboVG3Rr for <tls@ietfc.amsl.com>; Sat, 23 Apr 2011 22:24:24 -0700 (PDT)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by ietfc.amsl.com (Postfix) with ESMTP id 299E5E06A0 for <tls@ietf.org>; Sat, 23 Apr 2011 22:24:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1303622665; x=1335158665; h=from:to:subject:cc:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20juhovh@iki.fi,=20pgut001@cs.auckland.ac.nz |Subject:=20Re:=20[TLS]=20DSS=20with=20other=20than=20SHA -1=20algorithms|Cc:=20ekr@rtfm.com,=20geoffk@geoffk.org, =20simon@josefsson.org,=20tls@ietf.org|In-Reply-To:=20<CD AED845-7781-49A1-B6FD-D7F47759A200@iki.fi>|Message-Id:=20 <E1QDrnw-0003gv-A4@login01.fos.auckland.ac.nz>|Date:=20Su n,=2024=20Apr=202011=2017:24:20=20+1200; bh=kQRGyuzX+NtrbONe0qFaDfmCeeNemXlfuMzBUp016Os=; b=MeYgdTal64wnzMtLG/iOjEkqQ+B8EKU2oY3Uj/o5YzJtHmxB86eRc8l0 GblV+0w3oR78p7X5lstdqQU2265Hz47rHivYCwb+ERWx2vwQOXO1hZJXh v9f9uR5Yp1LbCh2AXf7XlKoh/9zilAW8t9BkdMz36yBZa8bhUAVIo1oN+ c=;
X-IronPort-AV: E=Sophos;i="4.64,261,1301832000"; d="scan'208";a="57943185"
X-Ironport-HAT: APP-SERVERS - $RELAYED
X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing
Received: from mf1.fos.auckland.ac.nz ([130.216.33.150]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 24 Apr 2011 17:24:21 +1200
Received: from login01.fos.auckland.ac.nz ([130.216.34.40]) by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1QDrnw-0002Sj-HI; Sun, 24 Apr 2011 17:24:20 +1200
Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1QDrnw-0003gv-A4; Sun, 24 Apr 2011 17:24:20 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: juhovh@iki.fi, pgut001@cs.auckland.ac.nz
In-Reply-To: <CDAED845-7781-49A1-B6FD-D7F47759A200@iki.fi>
Message-Id: <E1QDrnw-0003gv-A4@login01.fos.auckland.ac.nz>
Date: Sun, 24 Apr 2011 17:24:20 +1200
Cc: simon@josefsson.org, geoffk@geoffk.org, tls@ietf.org
Subject: Re: [TLS] DSS with other than SHA-1 algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Apr 2011 05:24:26 -0000

=?iso-8859-1?Q?Juho_V=E4h=E4-Herttua?= <juhovh@iki.fi> writes:

>I'm sorry I probably wasn't clear enough in my message. I was trying to ask,
>when exactly will the client say that it wants to do P256? Are we talking
>about an exchange where the client doesn't send the elliptic_curves extension
>in its hello message?

Yes.  It transforms the current ECC "suites", which aren't really suites at
all but more an indication of intent to navigate a Chinese menu with details
to be decided later, into true cipher suites.

>1. Client sends a ClientHello with elliptic_curves extension specifying its
>supported extensions

But the elliptic_curves extension isn't part of the ClientHello.  This is the
problem, the ClientHello contains a notification-of-intent and then later bits
and pieces contain the actual suite details.  If any of the later bits and
pieces don't as expected you have to go back to the ClientHello and try
another Chinese-menu option, then go back to the later extensions and see
if... and so on, although in practice everything I've seen so far just aborts
the handshake if they don't see exactly what they expect.

>But I'm using TLS on some devices that simply don't have the processing
>capacity to do P-256 handshakes well.

That's no problem, nothing in the ECC-suites proposal says you can't still use
ECC-Chinese-menu to negotiate whatever you want.  All ECC-suites does is
provide a few standardised true suites that everyone can agree on.

>Sorry if I'm going too much into details here, but I'm simply trying to say
>that requiring support for P-256 might leave out a large number of devices
>with lower capabilities.

Oh no, this doesn't mandate anything, it just provides a single, standard,
unambiguous way of indicating a few common ECC choices, leaving the full
Chinese-menu capability in place for people whose needs aren't met by the
fixed suites.

Peter.

v2.23.0 | Report a Bug | By Email