Re: [TLS] TLS 1.2 hash agility

Mike <mike-list@pobox.com> Sat, 15 September 2007 18:57 UTC

Message-ID: <46EC2AE7.9040903@pobox.com>
Date: Sat, 15 Sep 2007 11:56:39 -0700
From: Mike <mike-list@pobox.com>
To: tls@ietf.org
Subject: Re: [TLS] TLS 1.2 hash agility
References: <46ABB82D.8090709@pobox.com> <46ACCCCB.8000201@pobox.com> <B356D8F434D20B40A8CEDAEC305A1F24046B2496@esebe105.NOE.Nokia.com> <20070914215611.0342933C21@delta.rtfm.com> <46EB102E.2070900@pobox.com> <20070914225606.9E9B433C21@delta.rtfm.com>
In-Reply-To: <20070914225606.9E9B433C21@delta.rtfm.com>

I have an idea.  Change the Cert Hash Types extension to the Supported
Signature Algorithms extension, and allow the server to respond with
its supported algorithms (only if the client sends its list, of course).

     struct {
         SignatureAlgorithm supported_algorithms<2..2^16-2>;
     } SupportedSignatureAlgorithms;

If the client doesn't send the extension, the server would assume the
client supports rsa_with_sha1, rsa_with_md5 (?), and dsa_with_sha1
(and the appropriate ecdsa algorithms if an ECDSA cipher suite is
negotiated).  Since the server can't send its list if the client
doesn't, the client must assume that the server only supports the same
list of algorithms.

If the client sends its list, and the server doesn't respond with the
extension, the client must assume that the server only supports the
algorithms mentioned above.  A client that requires better algorithms
than MD5 and SHA-1 can abort the session if it doesn't receive the
extension in the ServerHello, or if the list doesn't contain an
acceptable algorithm.

You can remove the HashType list from the CertificateRequest message
since it is handled by the server's SupportedSignatureAlgorithms
extension.  The client also chooses a certificate signed with a listed
algorithm.

If the Signature becomes (as Pasi suggested):

     struct {
         SignatureAlgorithm signature_algorithm;
         opaque signature_value<0..2^16-1>;
     } Signature;

we'd also need to add a null signature algorithm:

     enum {
         null(0),            rsa_with_md5(1),
         rsa_with_sha1(2),   rsa_with_sha256(3),
         rsa_with_sha384(4), rsa_with_sha512(5),
         dsa_with_sha1(6),
         (65535)
     } SignatureAlgorithm;

for use with anonymous exchanges.

Mike

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
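The following is an added illustration, not code from the message or from any TLS implementation. It encodes and decodes the two structures proposed above (the `SupportedSignatureAlgorithms` extension body and the `Signature` struct) using TLS presentation-language conventions (a 2-byte length prefix for `<..2^16-..>` vectors, a 2-byte enum because its ceiling is 65535), and it applies the message's fallback rule for which list the client must assume the server supports when the extension is absent from either side. The helper names, the `DEFAULT_ALGORITHMS` tuple (which leaves out the "appropriate ecdsa algorithms" because they are not in the message's enum) and the `client_should_abort` policy function are assumptions made here for illustration.

```python
import struct
from typing import Iterable, Optional, Tuple

# SignatureAlgorithm values exactly as enumerated in the message; the enum's
# ceiling of 65535 means each value occupies 2 bytes on the wire.
null, rsa_with_md5, rsa_with_sha1, rsa_with_sha256, rsa_with_sha384, rsa_with_sha512, dsa_with_sha1 = range(7)

# Assumed default list (per the message: what both sides assume when the
# extension is absent). The ECDSA entries the message mentions are omitted
# because they are not part of its enum.
DEFAULT_ALGORITHMS = (rsa_with_sha1, rsa_with_md5, dsa_with_sha1)


def _vector(body: bytes, lo: int, hi: int) -> bytes:
    """Encode a TLS variable-length vector <lo..hi> with a 2-byte length prefix."""
    if not lo <= len(body) <= hi:
        raise ValueError(f"vector length {len(body)} outside <{lo}..{hi}>")
    return struct.pack("!H", len(body)) + body


def _unvector(data: bytes, lo: int, hi: int) -> Tuple[bytes, bytes]:
    """Decode one vector from the front of data; return (body, remaining bytes)."""
    if len(data) < 2:
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack("!H", data[:2])
    body = data[2:2 + n]
    if len(body) != n or not lo <= n <= hi:
        raise ValueError("bad vector length")
    return body, data[2 + n:]


def encode_supported_algorithms(algs: Iterable[int]) -> bytes:
    """SupportedSignatureAlgorithms: SignatureAlgorithm supported_algorithms<2..2^16-2>."""
    return _vector(b"".join(struct.pack("!H", a) for a in algs), 2, 2**16 - 2)


def decode_supported_algorithms(data: bytes) -> Tuple[int, ...]:
    """Parse the extension body; rejects trailing bytes and odd-length lists."""
    body, rest = _unvector(data, 2, 2**16 - 2)
    if rest or len(body) % 2:
        raise ValueError("trailing bytes or odd-length algorithm list")
    return tuple(struct.unpack("!H", body[i:i + 2])[0] for i in range(0, len(body), 2))


def encode_signature(alg: int, value: bytes) -> bytes:
    """Signature: SignatureAlgorithm signature_algorithm; opaque signature_value<0..2^16-1>."""
    return struct.pack("!H", alg) + _vector(value, 0, 2**16 - 1)


def decode_signature(data: bytes) -> Tuple[int, bytes]:
    """Parse a Signature struct into (algorithm, signature_value)."""
    if len(data) < 2:
        raise ValueError("truncated signature_algorithm")
    (alg,) = struct.unpack("!H", data[:2])
    value, rest = _unvector(data[2:], 0, 2**16 - 1)
    if rest:
        raise ValueError("trailing bytes after signature_value")
    return alg, value


def server_algorithms(client_sent_extension: bool,
                      server_extension: Optional[bytes]) -> Tuple[int, ...]:
    """The list the client must assume the server supports, following the message:
    no client extension -> the server cannot answer -> defaults;
    client extension but no server answer -> defaults;
    otherwise the server's own list."""
    if not client_sent_extension or server_extension is None:
        return DEFAULT_ALGORITHMS
    return decode_supported_algorithms(server_extension)


def client_should_abort(acceptable: Iterable[int], client_sent_extension: bool,
                        server_extension: Optional[bytes]) -> bool:
    """Assumed client policy: abort unless the effective server list contains
    at least one algorithm the client accepts."""
    acceptable = set(acceptable)
    return not any(a in acceptable for a in server_algorithms(client_sent_extension, server_extension))
```

The point of `server_algorithms` is the asymmetry the message describes: a silent server can only ever be read as "defaults", so a client that refuses MD5 and SHA-1 has no option but to abort when the ServerHello carries no list, and a server that omits the extension in reply to a client list is making that choice for the client.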