IETF Logo Mail Archive

Re: [TLS] BoringSSL's TLS test suite

David Benjamin <davidben@chromium.org> Sun, 25 September 2016 21:55 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A28CE12B040 for <tls@ietfa.amsl.com>; Sun, 25 Sep 2016 14:55:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.015
X-Spam-Level:
X-Spam-Status: No, score=-5.015 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-2.316, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kb7U2gtK1lrR for <tls@ietfa.amsl.com>; Sun, 25 Sep 2016 14:55:48 -0700 (PDT)
Received: from mail-it0-x22c.google.com (mail-it0-x22c.google.com [IPv6:2607:f8b0:4001:c0b::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE9DF12B01F for <tls@ietf.org>; Sun, 25 Sep 2016 14:55:48 -0700 (PDT)
Received: by mail-it0-x22c.google.com with SMTP id o3so58457488ita.1 for <tls@ietf.org>; Sun, 25 Sep 2016 14:55:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QNP7b4qeylc4GsqCbOsZnrhwfLYPXkIWERF1GcI7rig=; b=hJFL/Pvlh1UIvVtXbgvypViDldueCfPDwbUC0+IQB3LtREnknSLOVAzP0tGUFPo026 KiuvMb/sSH2dfGvapCgsHb+N0fMNi6g9Si0ZwTpjb5Li/uiSBLfbnLgcvZZ2WVCBwX3l 8P9/skJRF1oE7sP05wgpwJIDcNbCaCrN/7ZVE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QNP7b4qeylc4GsqCbOsZnrhwfLYPXkIWERF1GcI7rig=; b=SRsvJnDtF27Mv8h5K1yALYj2SnENYF21tTOKWPCQiLb5aL9qwiBCxB27RFY4PFYzJC dw4NN3Q834gHbIBpElYMMXmhEf3W82knaYyzNspLO1ZHK74QTWWt60acX4CHnRhek0Ro MQL/6tu9vcdzUvFtnmN5a10J3T/bwPH2zyOsmq1mYIxmKyL/5ch6RW0rLnj4PY9Ej03P ooi8koOGD8y4X8+YMJJxznU4AxkJFmQIBLokMq+rm61DtGO+eS8iJmCGxY7RJB0W65Ke FWXpQjiJfLUtQMbe61JNdMxNTJF/YC0nmOl1a0C7sigb70186YcSWt7CHPLlgKaPw2cJ y5oA==
X-Gm-Message-State: AA6/9Rlw/YcQvLWjEGiXo5MIi1Jwo3JAthxRaOTtrRxdKJQQMkcplzW1LQeXaHUfg8IO4ztiACl5GvPO1r2RW1LG
X-Received: by 10.36.123.212 with SMTP id q203mr14670611itc.13.1474840547688; Sun, 25 Sep 2016 14:55:47 -0700 (PDT)
MIME-Version: 1.0
References: <CAF8qwaBQkVy+wcK1-NFctBepV7TW93YmmPnxS2WoJ6F6=v-aEg@mail.gmail.com> <c70c6db3-5d1c-d2db-1e37-f8849166786e@streamsec.se> <CAF8qwaAQYwW9s0E_V-TqHhTqL9sBhobzsGUch5TDQynK2VNfEw@mail.gmail.com> <227dcca5-6549-3b71-1ceb-23686df822bb@streamsec.se> <CAMfhd9X7fHQbzi-DDXOrX2+M6PLbhg+rimg=BfB-QN16mH6Uyg@mail.gmail.com>
In-Reply-To: <CAMfhd9X7fHQbzi-DDXOrX2+M6PLbhg+rimg=BfB-QN16mH6Uyg@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Sun, 25 Sep 2016 21:55:36 +0000
Message-ID: <CAF8qwaD16JbOaY9AuxoDP9XyodUk27qbj+86qArxRzHDW66eHw@mail.gmail.com>
To: Adam Langley <agl@imperialviolet.org>, henrick@streamsec.se
Content-Type: multipart/alternative; boundary="001a1146c9def272f3053d5c124e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tbIervllm6mjd7KtN64_EAR9jaw>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] BoringSSL's TLS test suite
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Sep 2016 21:55:50 -0000

On Sun, Sep 25, 2016 at 5:49 PM Adam Langley <agl@imperialviolet.org> wrote:

> On Sun, Sep 25, 2016 at 2:35 PM, Henrick Hellström <henrick@streamsec.se>
> wrote:
> > Then again, the ASN.1 module in
> https://datatracker.ietf.org/doc/rfc5280/
> > says differently. Strictly speaking, RFC 3279 does not override the PKIX
> > specification when it comes to X.509 certificates; only for formats such
> as
> > RSA PUBLIC KEY that rely solely on the ASN.1 module in RFC 3279.
>
> To answer your original question then, this is intentional.
>
> While there are certainly differences of opinion about the
> applicability of Postel's law in this space, in practical terms
> requiring a NULL in this location empirically has very good
> compatibility and we don't like adding flexibility without good
> reason.
>

I believe we are also correct per spec. My interpretation of these
documents is that the general AlgorithmIdentifier structure may or may not
include parameters. However, whether a given parameter value or omitting
parameters altogether is legal is a question for the particular algorithm.
It's not overriding but plugging into the general framework. Specifications
for individual algorithm OIDs say what to put in the parameters field:

For id-rsaEncryption, RFC 3279 (previously cited) says it is not optional
and the only legal value is NULL.
https://tools.ietf.org/html/rfc3279#section-2.3.1

For id-RSASSAS-PSS, RFC 4055 says the parameters are not optional and
specifies the structure.
https://tools.ietf.org/html/rfc4055#section-3.1

For id-ecPublicKey, RFC 5480 says something similar and gives the structure.
https://tools.ietf.org/html/rfc5480#section-2.1.1

For id-dsa, RFC 3279 says they are actually optional. (Although this was a
pretty bad idea since it's used in this bizarre parameter inheritance
thing...)
https://tools.ietf.org/html/rfc3279#section-2.3.2

None of these can be talking about standalone structures like RSAPublicKey.
Those structures usually don't even include AlgorithmIdentifiers (no need
when you already know the key type) and are usually specified in other
documents like RFC 3447.

David

v2.23.0 | Report a Bug | By Email