Re: [TLS] Re: TLS 1.2 draft

Wan-Teh Chang <wtchang@redhat.com> Wed, 07 March 2007 15:45 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOyKr-0001LE-J1; Wed, 07 Mar 2007 10:45:49 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HOyKq-0001JH-26 for tls@ietf.org; Wed, 07 Mar 2007 10:45:48 -0500
Received: from mx1.redhat.com ([66.187.233.31]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HOyKo-0003FU-PR for tls@ietf.org; Wed, 07 Mar 2007 10:45:48 -0500
Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l27FjNLb018436 for <tls@ietf.org>; Wed, 7 Mar 2007 10:45:44 -0500
Received: from potter.sfbay.redhat.com (potter.sfbay.redhat.com [172.16.27.15]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l27FWlCA015965 for <tls@ietf.org>; Wed, 7 Mar 2007 10:32:47 -0500
Received: from [127.0.0.1] (vpn-51-44.sfbay.redhat.com [10.14.51.44] (may be forged)) by potter.sfbay.redhat.com (8.12.11.20060308/8.12.11) with ESMTP id l27FWd5I029456 for <tls@ietf.org>; Wed, 7 Mar 2007 10:32:46 -0500
Message-ID: <45EEDB21.6030906@redhat.com>
Date: Wed, 07 Mar 2007 07:32:49 -0800
From: Wan-Teh Chang <wtchang@redhat.com>
User-Agent: Thunderbird 2.0pre (Windows/20070211)
MIME-Version: 1.0
To: tls@ietf.org
Subject: Re: [TLS] Re: TLS 1.2 draft
References: <20070305054158.3A09C1CC24@delta.rtfm.com><87zm6qydae.fsf@latte.josefsson.org> <45ED8D09.2060600@redhat.com> <B356D8F434D20B40A8CEDAEC305A1F2403DB5D7A@esebe105.NOE.Nokia.com>
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F2403DB5D7A@esebe105.NOE.Nokia.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ea4ac80f790299f943f0a53be7e1a21a
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Pasi.Eronen@nokia.com wrote:
>
> No, this is not exactly what pkcs-1v2-1errata.txt says; there
> is additional text in the errata:
> 
>   Exception: When formatting the DigestInfoValue in EMSA-PKCS1-V1.5 
>   (see 9.2), the parameters field associated with id-sha1, id-sha256, 
>   id-sha384 and id-sha512 SHALL have a value of type NULL. This is to 
>   maintain compatibility with existing implementations and with the 
>   numeric information values already published for EMSA-PKCS1-V1.5 
>   which are also reflected in IEEE 1363a-2004[27].
> 
> In other words: AlgorithmIdentifier is used in several different
> places, and the text "MUST accept both, SHOULD omit" applies to 
> all of those *except* one place (EMSA-PKCS1-V1.5). But that place
> happens to be the one we care about for TLS 1.2 (ServerKeyExchange
> and CertificateVerify messages)!

Pasi, you're right.  Thank you for correcting me.  I didn't
see the Exception paragraph.  This is complicated.

> I think we should follow pkcs-1v2-1errata.txt and IEEE 1363a-2004
> (which both agree) here, unless there are compelling arguments
> against it...

Since pkcs-1v2-1errata.txt (Dec. 2005) is newer in RFC 3447
(Feb. 2003), I agree with your recommendation.

Wan-Teh


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls