Re: [TLS] Simplifying signature algorithm negotiation

Dave Garrett <davemgarrett@gmail.com> Sat, 16 January 2016 01:07 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 739C61B34AD for <tls@ietfa.amsl.com>; Fri, 15 Jan 2016 17:07:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KeROPg9Y-k-0 for <tls@ietfa.amsl.com>; Fri, 15 Jan 2016 17:07:15 -0800 (PST)
Received: from mail-qg0-x22d.google.com (mail-qg0-x22d.google.com [IPv6:2607:f8b0:400d:c04::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D902D1B34AC for <tls@ietf.org>; Fri, 15 Jan 2016 17:07:14 -0800 (PST)
Received: by mail-qg0-x22d.google.com with SMTP id e32so432947896qgf.3 for <tls@ietf.org>; Fri, 15 Jan 2016 17:07:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=TTp0Je0KVKcR0f0iDWjTIrKwXx0J8O7dL2ED4RSRDzA=; b=YEj01Md8BtNowwBtVhRnSmBt5asZN5d+QjmTHduhlv3ZRVI1wsIFGVvXq8K0QJWPJ3 2zYWCd6vClJKNZzdcida6jbdYFma5r8WvECdctB8hOLxCDi5gg5tIw+3KR9qh5JwjEt9 VAFlz3mJ2KTGdbCGOiLGn+U/32Uma6sbewv5LWmUydo8A4Kw+tIJt6Vc+3wq7J+Qjkzy //eIXJdvw94/I+g4InFp66XyZIzyznArx2AWuPo+rS5zT8l3QWUAZ2lwsFUnFjgUuDhB 6yseJCNzJLjw1TR+Ce8Wx9gCjlKue7DXCNUCci+HHtT7iJsKtudn2wRlrQoRy4LMeG7R PGjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-type:content-transfer-encoding :message-id; bh=TTp0Je0KVKcR0f0iDWjTIrKwXx0J8O7dL2ED4RSRDzA=; b=BNu9VE4+PJMtnyLhEAWSRWDiHA/lw3i+A9UrIWsHBgIp6NtLpWGL1dGWNQpUSXoOX+ bzc91HUX+jp5JPr6tt2FqwrFvzrc0pSab7mwtCvqAA1mYHjrHIMSJ2htFHWi8I2C/2w2 jqUTUKjd3O/io2gfSfL7I8YiSPMn3VaIYtMnL40vYNpuil6gmP5CkdwaI+jj3KLNnIR1 wOCt6NnZLtDsrFyA5Yvshk3gR+qC/OU1wWpsmsca9oJ+QJXwRjRtipKt5CqOJsiJSxVD Nym/A6gRznPfER/69TVGHCdjZhgBb5//jc+lG2uDQKuMH6eB2F3+U3AWVRTKcMLCk6Tk 8IyA==
X-Gm-Message-State: ALoCoQmkY/ukJnBFTUe8y5SUQkqDqfy/wNpw7yWqrPeKqWBzDHNMbBIFOfeIPiyhAa0v5Z3ZElpidyC/o6RR6m8ooE4wRE3zNQ==
X-Received: by 10.140.142.207 with SMTP id 198mr18151121qho.77.1452906434022; Fri, 15 Jan 2016 17:07:14 -0800 (PST)
Received: from dave-laptop.localnet (pool-72-94-152-197.phlapa.fios.verizon.net. [72.94.152.197]) by smtp.gmail.com with ESMTPSA id a5sm5547708qga.46.2016.01.15.17.07.13 (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 15 Jan 2016 17:07:13 -0800 (PST)
From: Dave Garrett <davemgarrett@gmail.com>
To: David Benjamin <davidben@chromium.org>
Date: Fri, 15 Jan 2016 20:07:12 -0500
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CAF8qwaCpYqs7ELDcRzXveLLjpL+d-CmBczkxPweh6_RVE1aDeA@mail.gmail.com>
In-Reply-To: <CAF8qwaCpYqs7ELDcRzXveLLjpL+d-CmBczkxPweh6_RVE1aDeA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-Id: <201601152007.12464.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/tGv9mBdKBsJK1CO7FXrwfnxU4cQ>
Cc: ekr <notifications@github.com>, tls@ietf.org
Subject: Re: [TLS] Simplifying signature algorithm negotiation
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Jan 2016 01:07:16 -0000

On Friday, January 15, 2016 03:45:34 pm David Benjamin wrote:
> This is a proposal for revising SignatureAlgorithm/HashAlgorithm. In TLS
> 1.2, signature algorithms are spread across the handshake.
[...]
> I propose we fold the negotiable parameters under one name.
[...]
> 2. Remove HashAlgorithm, SignatureAlgorithm, SignatureAndHashAlgorithm as
> they are. Introduce a new SignatureAlgorithm u16 type and negotiate that
> instead.

I previously proposed this here:
https://www.ietf.org/mail-archive/web/tls/current/msg18035.html

ekr was against it, though it hasn't been discussed that throughly.
https://www.ietf.org/mail-archive/web/tls/current/msg18036.html


Dave