IETF Logo Mail Archive

Re: [TLS] DSS with other than SHA-1 algorithms

" Juho Vähä-Herttua " <juhovh@gmail.com> Wed, 13 April 2011 16:33 UTC

Return-Path: <juhovh@gmail.com>
X-Original-To: tls@ietfc.amsl.com
Delivered-To: tls@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 26563E07C7 for <tls@ietfc.amsl.com>; Wed, 13 Apr 2011 09:33:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9QHXqmb6XRzr for <tls@ietfc.amsl.com>; Wed, 13 Apr 2011 09:33:53 -0700 (PDT)
Received: from mail-ew0-f44.google.com (mail-ew0-f44.google.com [209.85.215.44]) by ietfc.amsl.com (Postfix) with ESMTP id 22DBEE07CF for <tls@ietf.org>; Wed, 13 Apr 2011 09:33:53 -0700 (PDT)
Received: by ewy19 with SMTP id 19so276445ewy.31 for <tls@ietf.org>; Wed, 13 Apr 2011 09:33:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:subject:mime-version:content-type:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to:x-mailer; bh=CcYHvpG4uAmddENgVuO5q4rM/R9QglUV6Qbf9p3wSlg=; b=AgwTbR/dYT5teo+iWlsDHf4hzpNohk3mT6q2UCpM/qTy3NC1XOjKsZHR+mn/pmyg4n +ebFSGQbOZ7pQIbjQ6DDDiaipRbpz3CzqV1wwMksYRIuI15k379eGoLJMH4j7bzKlXnB um//CBpJhzDs1+7KERRus79vB5ERQ9x9mW2kI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=TWwQ/Xk4s5c+sfhdASfyof7tNMMbkFMUpy99gAJl1p3wAAmYp0/qS8Tj+wYEewmVyB GLZTTit1M2zz7EFCBF7l+/Beq/599gsA4OD20eRRShU11zU0OfOt/+PwSY40KTaGK/TP 8HU6Y8b7tOZ4dF2NM60b0/lHIxHNi5gtTjRw0=
Received: by 10.213.20.78 with SMTP id e14mr295901ebb.74.1302712432161; Wed, 13 Apr 2011 09:33:52 -0700 (PDT)
Received: from [192.168.1.100] (dsl-hkibrasgw3-ff2cc000-252.dhcp.inet.fi [88.192.44.252]) by mx.google.com with ESMTPS id x54sm513503eeh.5.2011.04.13.09.33.49 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 13 Apr 2011 09:33:50 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Juho Vähä-Herttua <juhovh@gmail.com>
In-Reply-To: <E1Q9tQq-0006Q4-VU@login01.fos.auckland.ac.nz>
Date: Wed, 13 Apr 2011 19:33:48 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <4da5d06e.ce7c0e0a.71c9.1ce4@mx.google.com>
References: <E1Q9tQq-0006Q4-VU@login01.fos.auckland.ac.nz>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
X-Mailer: Apple Mail (2.1084)
X-Mailman-Approved-At: Wed, 13 Apr 2011 09:47:52 -0700
Cc: simon@josefsson.org, geoffk@geoffk.org, tls@ietf.org
Subject: Re: [TLS] DSS with other than SHA-1 algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Apr 2011 16:33:54 -0000

On Apr 13, 2011, at 9:20 AM, Peter Gutmann wrote:
>> 3. The ECC issues you raise are not issues in 5246 at all, since ECC is 
>> specified in a different document (4492).
> 
> 5246 claims to be an update to 4492 (line 4 of the doc), and a far more 
> drastic one than just adding a few new cipher suites since it's not 
> backwards-compatible with 4492.  This would be just another update of 4492,
> and one that's fully backwards-compatible.

I had to go to dig out the original email describing the ECC issues, because
I didn't read it well enough the first time. I was wondering if you could
clarify the following statement a bit:

Sub-issue: The overall suite chosen can be retroactively modified by ECC
parameters sent later in the handshake, so when choosing a suite you have to
remember not only the main suite but also one (or possibly more) backup suites
to fall back on if a later ECC parameter means you can't use your first
choice.

I don't see how this works, because in case of ECC the server is always
selecting the cipher suite and sending the ServerKeyExchange, and these both
happen between ServerHello and ServerHelloDone. What did I miss?

Otherwise I think we can agree that the ECC extension in TLS is very complex,
but then again I'm happy that it doesn't mandate for example supporting P256
curve, because I'm working with devices that wouldn't have the resources for
handling it.


Juho

v2.23.0 | Report a Bug | By Email