[TLS] Deprecated signature algorithms in RFC8446

Tobias Reiher <reiher@componolit.com> Fri, 03 May 2019 12:43 UTC

Return-Path: <reiher@componolit.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B39212015D for <tls@ietfa.amsl.com>; Fri, 3 May 2019 05:43:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9H74_q7ifyRp for <tls@ietfa.amsl.com>; Fri, 3 May 2019 05:43:33 -0700 (PDT)
Received: from mail.kofje.de (mail.kofje.de [87.106.138.10]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F0851200B7 for <tls@ietf.org>; Fri, 3 May 2019 05:43:32 -0700 (PDT)
Received: from [192.168.188.31] (ip-81-201-155-53.static.reverse.dsi.net [81.201.155.53]) by mail.kofje.de (Postfix) with ESMTPSA id 345A911280BC; Fri, 3 May 2019 14:43:30 +0200 (CEST)
From: Tobias Reiher <reiher@componolit.com>
Openpgp: preference=signencrypt
Autocrypt: addr=reiher@componolit.com; prefer-encrypt=mutual; keydata= mDMEW+WgCxYJKwYBBAHaRw8BAQdACZ7HEcKNFROJA/GJfwepYDJreIYQ/uqelk6uvNsWm9u0 JVRvYmlhcyBSZWloZXIgPHJlaWhlckBjb21wb25vbGl0LmNvbT6IlgQTFggAPhYhBJAYjDCm DClnhPomtThH+WcLNQ9HBQJb5aALAhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA AAoJEDhH+WcLNQ9H74ABAJ9oIrtAoRhTCgTmazKrLzyvpvTlzzdckfSVkmKxd95SAP0VrQEp pKCv5xF4Z1RzlT2YhjzQET1u8SCT2ceAM7sZDLg4BFvloAsSCisGAQQBl1UBBQEBB0Aw4YPO tmpsBilwlanzRVNM4QwQPE9EJr4Hct8TyqqAQAMBCAeIfgQYFggAJhYhBJAYjDCmDClnhPom tThH+WcLNQ9HBQJb5aALAhsMBQkB4TOAAAoJEDhH+WcLNQ9HmpUA/3K/AI0PkWgRAjzy3bpq Yod59Q+gLUaMLdJEyYiHyasAAP9sLYaJdiWm6o43UNGMgZIClyOQ7aViMxqFW7fsumSvCw==
Organization: Componolit GmbH
To: tls@ietf.org
Cc: senier@componolit.com
Message-ID: <1f5befb5-0338-1135-1acf-31d06470d572@componolit.com>
Date: Fri, 3 May 2019 14:43:29 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mw-jNSzyy4JwHqX35iz8UpVMOEU>
X-Mailman-Approved-At: Fri, 03 May 2019 08:35:27 -0700
Subject: [TLS] Deprecated signature algorithms in RFC8446
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2019 12:55:35 -0000

Hi,

the example handshake traces for TLS 1.3 (RFC8448) seems not to fully
comply to the TLS 1.3 standard (RFC8446).

RFC8446 in 4.2.3. says that an implementation must not offer deprecated
algorithms in the signature algorithms extension:

"In TLS 1.2, the extension contained hash/signature pairs.  The
pairs are encoded in two octets, so SignatureScheme values have
been allocated to align with TLS 1.2's encoding.  Some legacy
pairs are left unallocated.  These algorithms are deprecated as of
TLS 1.3.  They MUST NOT be offered or negotiated by any
implementation.  In particular, MD5 [SLOTH], SHA-224, and DSA
MUST NOT be used."

RFC8448 shows in 3. an example with a ClientHello message containing a
signature algorithms extension with the deprecated algorithms 0x0402,
0x0502, 0x0602, and 0x0202, which all refer to the DSA algorithm, which
must not be used with TLS 1.3.

Best regards,

Tobias Reiher

-- 
Componolit GmbH · Königsbrücker Straße 124 · 01099 Dresden · Germany
Amtsgericht Dresden · HRB 36670 · Sitz Dresden
Geschäftsführer: Alexander Senier · USt-IdNr. (EU VATIN): DE312113634

http://componolit.com · @Componolit