Re: [TLS] DSS with other than SHA-1 algorithms
Peter Gutmann <pgut001@cs.auckland.ac.nz> Sun, 24 April 2011 05:24 UTC
Return-Path: <pgut001@login01.cs.auckland.ac.nz>
X-Original-To: tls@ietfc.amsl.com
Delivered-To: tls@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id F11BBE06F9 for <tls@ietfc.amsl.com>; Sat, 23 Apr 2011 22:24:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.538
X-Spam-Level:
X-Spam-Status: No, score=-3.538 tagged_above=-999 required=5 tests=[AWL=0.061, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7EsVxboVG3Rr for <tls@ietfc.amsl.com>; Sat, 23 Apr 2011 22:24:24 -0700 (PDT)
Received: from mx2-int.auckland.ac.nz (mx2-int.auckland.ac.nz [130.216.12.41]) by ietfc.amsl.com (Postfix) with ESMTP id 299E5E06A0 for <tls@ietf.org>; Sat, 23 Apr 2011 22:24:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=pgut001@cs.auckland.ac.nz; q=dns/txt; s=uoa; t=1303622665; x=1335158665; h=from:to:subject:cc:in-reply-to:message-id:date; z=From:=20Peter=20Gutmann=20<pgut001@cs.auckland.ac.nz> |To:=20juhovh@iki.fi,=20pgut001@cs.auckland.ac.nz |Subject:=20Re:=20[TLS]=20DSS=20with=20other=20than=20SHA -1=20algorithms|Cc:=20ekr@rtfm.com,=20geoffk@geoffk.org, =20simon@josefsson.org,=20tls@ietf.org|In-Reply-To:=20<CD AED845-7781-49A1-B6FD-D7F47759A200@iki.fi>|Message-Id:=20 <E1QDrnw-0003gv-A4@login01.fos.auckland.ac.nz>|Date:=20Su n,=2024=20Apr=202011=2017:24:20=20+1200; bh=kQRGyuzX+NtrbONe0qFaDfmCeeNemXlfuMzBUp016Os=; b=MeYgdTal64wnzMtLG/iOjEkqQ+B8EKU2oY3Uj/o5YzJtHmxB86eRc8l0 GblV+0w3oR78p7X5lstdqQU2265Hz47rHivYCwb+ERWx2vwQOXO1hZJXh v9f9uR5Yp1LbCh2AXf7XlKoh/9zilAW8t9BkdMz36yBZa8bhUAVIo1oN+ c=;
X-IronPort-AV: E=Sophos;i="4.64,261,1301832000"; d="scan'208";a="57943185"
X-Ironport-HAT: APP-SERVERS - $RELAYED
X-Ironport-Source: 130.216.33.150 - Outgoing - Outgoing
Received: from mf1.fos.auckland.ac.nz ([130.216.33.150]) by mx2-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 24 Apr 2011 17:24:21 +1200
Received: from login01.fos.auckland.ac.nz ([130.216.34.40]) by mf1.fos.auckland.ac.nz with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1QDrnw-0002Sj-HI; Sun, 24 Apr 2011 17:24:20 +1200
Received: from pgut001 by login01.fos.auckland.ac.nz with local (Exim 4.69) (envelope-from <pgut001@login01.cs.auckland.ac.nz>) id 1QDrnw-0003gv-A4; Sun, 24 Apr 2011 17:24:20 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: juhovh@iki.fi, pgut001@cs.auckland.ac.nz
In-Reply-To: <CDAED845-7781-49A1-B6FD-D7F47759A200@iki.fi>
Message-Id: <E1QDrnw-0003gv-A4@login01.fos.auckland.ac.nz>
Date: Sun, 24 Apr 2011 17:24:20 +1200
Cc: simon@josefsson.org, geoffk@geoffk.org, tls@ietf.org
Subject: Re: [TLS] DSS with other than SHA-1 algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Apr 2011 05:24:26 -0000
=?iso-8859-1?Q?Juho_V=E4h=E4-Herttua?= <juhovh@iki.fi> writes: >I'm sorry I probably wasn't clear enough in my message. I was trying to ask, >when exactly will the client say that it wants to do P256? Are we talking >about an exchange where the client doesn't send the elliptic_curves extension >in its hello message? Yes. It transforms the current ECC "suites", which aren't really suites at all but more an indication of intent to navigate a Chinese menu with details to be decided later, into true cipher suites. >1. Client sends a ClientHello with elliptic_curves extension specifying its >supported extensions But the elliptic_curves extension isn't part of the ClientHello. This is the problem, the ClientHello contains a notification-of-intent and then later bits and pieces contain the actual suite details. If any of the later bits and pieces don't as expected you have to go back to the ClientHello and try another Chinese-menu option, then go back to the later extensions and see if... and so on, although in practice everything I've seen so far just aborts the handshake if they don't see exactly what they expect. >But I'm using TLS on some devices that simply don't have the processing >capacity to do P-256 handshakes well. That's no problem, nothing in the ECC-suites proposal says you can't still use ECC-Chinese-menu to negotiate whatever you want. All ECC-suites does is provide a few standardised true suites that everyone can agree on. >Sorry if I'm going too much into details here, but I'm simply trying to say >that requiring support for P-256 might leave out a large number of devices >with lower capabilities. Oh no, this doesn't mandate anything, it just provides a single, standard, unambiguous way of indicating a few common ECC choices, leaving the full Chinese-menu capability in place for people whose needs aren't met by the fixed suites. Peter.
- [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Dr Stephen Henson
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Hovav Shacham
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Simon Josefsson
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Geoffrey Keating
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Eric Rescorla
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Daniel Kahn Gillmor
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Jack Lloyd
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Nikos Mavrogiannopoulos
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Juho Vähä-Herttua
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Paul Hoffman
- Re: [TLS] DSS with other than SHA-1 algorithms Martin Rex
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Rob Stradling
- Re: [TLS] DSS with other than SHA-1 algorithms Peter Gutmann