Re: [TLS] Should TLS 1.3 servers send "signature_algorithms" extensions

Xiaoyin Liu <xiaoyin.l@outlook.com> Mon, 19 September 2016 23:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jyTaXU3x4vnTPFlHUUEtt04l1YA>

Thank you for your explanation, Eric!

Xiaoyin

From: Eric Rescorla [mailto:ekr@rtfm.com]
Sent: Monday, September 19, 2016 7:13 PM
To: Xiaoyin Liu <xiaoyin.l@outlook.com>
Cc: tls@ietf.org
Subject: Re: [TLS] Should TLS 1.3 servers send "signature_algorithms" extensions



On Mon, Sep 19, 2016 at 3:56 PM, Xiaoyin Liu <xiaoyin.l@outlook.com> wrote:
Hello,

There seems to be a conflict in the TLS 1.3 spec on whether servers should send the “signature_algorithms” extension or not. In section 4.2.2 Signature Algorithms (https://tlswg.github.io/tls13-spec/#signature-algorithms), it says:
Servers which are authenticating via a certificate MUST indicate so by sending the client an empty “signature_algorithms” extension.

But in section 8.2 MTI Extensions (https://tlswg.github.io/tls13-spec/#mti-extensions), it says:
Servers MUST NOT send the “signature_algorithms” extension

So should a server send an empty “signature_algorithms” extension or not in ServerHello?

Section 8.2 is a bug in the spec. Servers need to send sig_algs if they are signing.

David Benjamin has suggested an alternative encoding which I may put in a future draft, but for -15, you need to send it.

-Ekr


Thank you!
Xiaoyin
