Re: [TLS] Empty CertificateRequest.supported_signature_algorithms in TLS 1.2

Eric Rescorla <ekr@rtfm.com> Wed, 21 November 2018 22:01 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34F2F12D7F8 for <tls@ietfa.amsl.com>; Wed, 21 Nov 2018 14:01:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.358
X-Spam-Level:
X-Spam-Status: No, score=-3.358 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vdioP-hNeKSE for <tls@ietfa.amsl.com>; Wed, 21 Nov 2018 14:01:35 -0800 (PST)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A77E12D4E9 for <tls@ietf.org>; Wed, 21 Nov 2018 14:01:34 -0800 (PST)
Received: by mail-lj1-x231.google.com with SMTP id s5-v6so6174728ljd.12 for <tls@ietf.org>; Wed, 21 Nov 2018 14:01:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zjm0KrO3Qar00HorRBSPrg8CAX57kqeg8Rnac52YCXQ=; b=GEG8oVnt6PIqiJPt28TI2/JzdRnOyc2kZ2hUgu28N9HUuXJOWW7zMxDwRgsR9ycVkb 0oGjbgBYh50HWHaH079ThUWkU6jazVypIerkvCORRBRJ2lLE2rZiFTQXI+d1Et5QPZCk VMEMuMzHMGJ1Oo/ae4jyihp6+94xTkTAmu19gwAhQVjPxMtzMjEFDq1Uh14wDO1CAX3O liNg73rYZ8NG7Hf62nUtSlx1yq5d7+p/8O/I0o+iY5h7fV8JpThP4yQVcXqn49pB0wM5 uJMuRUpUauaa0UfqUsv/BuKBYPwyYz4dNIapYs29kfxKErl3zkbxlV0cPv3Xaie6exto Rjzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zjm0KrO3Qar00HorRBSPrg8CAX57kqeg8Rnac52YCXQ=; b=gCFe690j3LaeSsQ3OT/FdgIwRIka/dOctD3mM2uP6CIXt5m71EK8qK3KNBkuNH/FhW 694H+d8sLkg9P3m0/JO0Ik9jiczC+QE/JMi6dF8FvowoifqaFtqXFZVH4JFNftjjcz/V 7ReMx/ZNU4th5W4VLvhR3gINI8qpezAHm+G8pQ4VRkIhAusBj0blLMZN657QedOWiarN YXwTO7792weVLpRyCoze1noiXTD2y5xIkUhx6KmdBkaC9RSpNxRlAoz9y/IcNPlu/+f+ aMF13elHV0X+pA/RUeJNOirQWmcstNE2cR8jHvXSIW+RZ6HTyW+5DbhMue2uS2H7bmak +bQA==
X-Gm-Message-State: AA+aEWbR2ynW0A+kk1FK9l9RTTU/Ean4l8mAJpIXizlcUt5+lTA25ptv bENnsFh4ggHopjZOVvA6pLRoErQYVvw8WCOIVdRdKA==
X-Google-Smtp-Source: AFSGD/Vm5hgB72LW4LBMJF1RhXgjqRUHS3lOtKxZT/x2TVSdRcoAwhVOvm1Hnuxaqo0TUPpJ49LQ2boVeUMcKd89kl4=
X-Received: by 2002:a2e:9a84:: with SMTP id p4-v6mr5084538lji.73.1542837692677; Wed, 21 Nov 2018 14:01:32 -0800 (PST)
MIME-Version: 1.0
References: <CABkgnnUxd_cbh-kASTTyPbGvk1fg2cUfUWwNa4cvB2DV8kMRSw@mail.gmail.com>
In-Reply-To: <CABkgnnUxd_cbh-kASTTyPbGvk1fg2cUfUWwNa4cvB2DV8kMRSw@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 21 Nov 2018 14:00:55 -0800
Message-ID: <CABcZeBOPUUFdhD9w+cdMjK7W6FCFqjdvpbae0HCg-G_0heHX+A@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009e7fbc057b33e416"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/m7mc3L-_RBVVFM-3a1HvndFC560>
Subject: Re: [TLS] Empty CertificateRequest.supported_signature_algorithms in TLS 1.2
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 22:01:37 -0000

On Wed, Nov 21, 2018 at 1:50 PM Martin Thomson <martin.thomson@gmail.com>;
wrote:

> In attempting to fix a bug related to this, a question came up about
> what the semantics of an empty value is here.  Some implementations
> seem to infer that empty means {*,SHA1}, which effectively assumes
> that an empty value is equivalent to an absent signature_algorithms
> extension (Section 7.4.1.4.1)
>
> The text on CertificateRequest is less clear about what to do.  That's
> understandable because it doesn't have to deal with the value being
> absent because it's not optional.  All we have to go on is this from
> Section 7.4.8:
>
>    The hash and signature algorithms used in the signature MUST be
>    one of those present in the supported_signature_algorithms field
>    of the CertificateRequest message.
>
> We think that treating an empty supported_signature_algorithms field
> as an error is the best response and plan to implement that change.
> We'll send a fatal alert if we receive one.
>

Yes, I believe this is the right approach.

-Ekr


> This is consistent with our handling of the signature_algorithms
> extension, where we treat an empty list as a failure.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>