Re: [TLS] regd. signature algorithm 0x0804 (rsa_pss_rsae_sha256) use in TLSv1.2 CertificateVerify

M K Saravanan <mksarav@gmail.com> Tue, 20 November 2018 16:35 UTC

References: <CAG5P2e8SY8JsraV9R5MPe35hr2t5TWFmPZ=3gh0vrDW=i-AjDw@mail.gmail.com>
In-Reply-To: <CAG5P2e8SY8JsraV9R5MPe35hr2t5TWFmPZ=3gh0vrDW=i-AjDw@mail.gmail.com>
From: M K Saravanan <mksarav@gmail.com>
Date: Wed, 21 Nov 2018 00:35:24 +0800
Message-ID: <CAG5P2e9vA0X1jAh+s_JKBCC6aYE_8SZ2kFvH2gO3Z4e8CEP6yA@mail.gmail.com>
To: tls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/qGtxxPpTAuVhhLbnoZuKewVIkoM>
Subject: Re: [TLS] regd. signature algorithm 0x0804 (rsa_pss_rsae_sha256) use in TLSv1.2 CertificateVerify

Hi,

RFC8446:
=================================================
4.2.3.  Signature Algorithms

[...]
-  Implementations that advertise support for RSASSA-PSS (which is
      mandatory in TLS 1.3) MUST be prepared to accept a signature using
      that scheme even when TLS 1.2 is negotiated.  In TLS 1.2,
      RSASSA-PSS is used with RSA cipher suites.

=================================================

The above paragraph gives me the impression that, in TLSv1.2, if the
CertificateRequest message advertises 0x0804, then the client can sign
the CertificateVerify message with 0x0804 if the client cert is RSA.

0x0804 = rsa_pss_rsae_sha256

Can someone please confirm whether my understanding is correct?

with regards,
Saravanan

On Wed, 21 Nov 2018 at 00:27, M K Saravanan <mksarav@gmail.com> wrote:
>
> Hi,
>
> If a TLSv1.2 Certificate Request message contains 0x0804
> (rsa_pss_rsae_sha256) as one of the supported signature algorithms,
> can a client sign the CertificateVerify message using that algorithm?
> (client cert is RSA).  Is it allowed in TLSv1.2?
>
> with regards,
> Saravanan
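The rule quoted from RFC 8446 above, worked through as an added Go example (not code from the thread or from any TLS stack): an RSA client selects rsa_pss_rsae_sha256 when the TLS 1.2 CertificateRequest advertised it, signs the handshake transcript with RSASSA-PSS, and the server must verify under the scheme it advertised rather than assuming PKCS#1 v1.5. The transcript bytes and the advertised codepoint list are constructed for the example; 0x0403 (ecdsa_secp256r1_sha256) is included only to show that non-RSA entries are skipped.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Codepoints from RFC 8446 4.2.3; a TLS 1.2 peer reads 0x0804 as {hash 0x08 Intrinsic, signature 0x04}.
const RSAPKCS1SHA256, RSAPSSRSAESHA256 uint16 = 0x0401, 0x0804
// rsa_pss_rsae_sha256 pins RSASSA-PSS to MGF1 with SHA-256 and a salt as long as the digest.
var pssOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}

// chooseScheme applies the quoted rule for an RSA client certificate: use rsa_pss_rsae_sha256
// when the server advertised it, otherwise fall back to rsa_pkcs1_sha256 if that was offered.
func chooseScheme(advertised []uint16) (scheme uint16, ok bool) {
	for _, a := range advertised {
		if a == RSAPSSRSAESHA256 {
			return a, true
		}
		ok = ok || a == RSAPKCS1SHA256
	}
	return RSAPKCS1SHA256, ok
}

// sign produces the TLS 1.2 CertificateVerify signature over the concatenated handshake messages.
func sign(priv *rsa.PrivateKey, scheme uint16, transcript []byte) ([]byte, error) {
	h := sha256.Sum256(transcript)
	if scheme == RSAPSSRSAESHA256 {
		return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], pssOpts)
	}
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// verify is the server side. It must dispatch on the codepoint it advertised, because a PSS
// signature never verifies as PKCS#1 v1.5; that is what the MUST in the quoted text requires.
func verify(pub *rsa.PublicKey, scheme uint16, transcript, sig []byte) error {
	h := sha256.Sum256(transcript)
	if scheme == RSAPSSRSAESHA256 {
		return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, pssOpts)
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	transcript := []byte("constructed stand-in for the TLS 1.2 handshake transcript")
	scheme, _ := chooseScheme([]uint16{0x0403, RSAPKCS1SHA256, RSAPSSRSAESHA256}) // constructed CertificateRequest list
	sig, _ := sign(priv, scheme, transcript)
	fmt.Printf("scheme 0x%04x: verify as advertised=%v, verify as PKCS#1 v1.5=%v\n", scheme,
		verify(&priv.PublicKey, scheme, transcript, sig) == nil, verify(&priv.PublicKey, RSAPKCS1SHA256, transcript, sig) == nil)
}
```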