Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
Martin Thomson <martin.thomson@gmail.com> Sat, 29 November 2014 07:37 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F4A91A00E9 for <tls@ietfa.amsl.com>; Fri, 28 Nov 2014 23:37:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id slT7BIkrABBw for <tls@ietfa.amsl.com>; Fri, 28 Nov 2014 23:37:38 -0800 (PST)
Received: from mail-ob0-x22a.google.com (mail-ob0-x22a.google.com [IPv6:2607:f8b0:4003:c01::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E000A1A00B7 for <tls@ietf.org>; Fri, 28 Nov 2014 23:37:37 -0800 (PST)
Received: by mail-ob0-f170.google.com with SMTP id wp18so5888561obc.29 for <tls@ietf.org>; Fri, 28 Nov 2014 23:37:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=jzuLipfUQH9A/A8QtxY25qDcZhTGrH5THlZAvtenyeI=; b=WpQFuo1Gfo4tAfrJ6UJtjEffHsPV1YAEYT8J23VlthzBaC+iARpZCrJTU2UdmA4EgT A9ViVbpMUKzzKtS3yb1JM4v4RoghDWEc8L7r9t3MAKYal6aQVgUBsvTKqpmWNCFMZ18g wdUZfVgMgMs2qSwMX5EwJY2q7k3NEA5Z/KGF7Biusn3LBTa9PaZ+HPOVQF/nWQynWYn+ 9iV6wbL2te5EgxzTMnevlEtbo8+Pcqwnez/HfGO7ka42NWN1LyYN9TgJPNbgrn36MjFP yhTU99G7ZNW8BuQCkiE4xSo4Y70+QEH9C9PG3j/DG9P01/OPmZkILWYVcGfu/L7sBQK1 9DSg==
MIME-Version: 1.0
X-Received: by 10.202.168.204 with SMTP id r195mr10614110oie.72.1417246657098; Fri, 28 Nov 2014 23:37:37 -0800 (PST)
Received: by 10.202.115.4 with HTTP; Fri, 28 Nov 2014 23:37:36 -0800 (PST)
In-Reply-To: <D1DCDF76-5CA4-442C-852B-30A88EF3B1B1@pahtak.org>
References: <AA93BAA4-5C5F-4969-8DF6-A83287D80F6D@ieca.com> <AFF9C4EE-6BCA-4AA6-BAB5-A457CDCC67AA@gmail.com> <D1DCDF76-5CA4-442C-852B-30A88EF3B1B1@pahtak.org>
Date: Fri, 28 Nov 2014 23:37:36 -0800
Message-ID: <CABkgnnUNK4be3WYzdrTv43UZmxDW2MVOH4Xmc-mS_06Db7Xbwg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Stephen Checkoway <s@pahtak.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/k91ue0be5ZTVFlPE4tu3FEsyh1s
Cc: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>
Subject: Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Nov 2014 07:37:39 -0000
On 27 November 2014 at 08:15, Stephen Checkoway <s@pahtak.org> wrote: > Why should we require that the certificate be signed with the signature scheme corresponding to the public key? If the certificate is selected based on the cipher suite (ECDSA, for instance), maybe there is a desire to have a uniform chain so that a client doesn't end up in a situation where they can't verify the chain (because they don't have RSA, for example). Now, we do have a lot of implementations that do both, so that's cool. And we have other ways of advertising what signature methods are available. So, maybe this can be loosened to say that all certificates in the chain MUST be supported by the client (as determined by X, where X is TBD, mostly because I'm lazy).
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Nikos Mavrogiannopoulos
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Yoav Nir
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Thomson
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Ryan Sleevi
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Ilari Liusvaara
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Stephen Checkoway
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Sean Turner
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Jeffrey Walton
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Peter Gutmann
- Re: [TLS] WG adoption: draft-nir-tls-rfc4492bis Martin Rex