Re: [TLS] Server Signature Algorithms

Nikos Mavrogiannopoulos <nmav@gnutls.org> Mon, 02 November 2009 19:10 UTC

Return-Path: <n.mavrogiannopoulos@gmail.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD4FC3A6903 for <tls@core3.amsl.com>; Mon, 2 Nov 2009 11:10:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P52WuoDucz9b for <tls@core3.amsl.com>; Mon, 2 Nov 2009 11:10:58 -0800 (PST)
Received: from mail-bw0-f223.google.com (mail-bw0-f223.google.com [209.85.218.223]) by core3.amsl.com (Postfix) with ESMTP id CF64728C122 for <tls@ietf.org>; Mon, 2 Nov 2009 11:10:57 -0800 (PST)
Received: by bwz23 with SMTP id 23so6688576bwz.29 for <tls@ietf.org>; Mon, 02 Nov 2009 11:11:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=pRYZt3lYGyUIFENP/msBd4nPuoI7CUC1oTYToZB1bDM=; b=WCTloiJ3bqHkjoS+pM5JAaVbT0oN5nDUZy3Ex+lwNF3rayOQ6SBkHy3uomxV3FR4Uk KAP5dzV7gpK4rUM1SJb//cH72/DAMg8BXSApnwqtmDC7esUt8y9Bow/gUe5EylJRrEc+ 8R5+0Og3CROPVKnWQA9Bl+33G7OUNvBVdzZI4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=IDou551JvJXZhEh+/iRSy1mXPd8wbwdiTLNEWEjpGf/w9DA+BMDJ0+El/iGxK2yjJL 10EMb5IwZH0LcYwXoK62sLRm8j/tjW7WHqE584R/b/sDssfj7fXwGXIHdJ2lXz3nyFqu a/TzEy4wUlFJDhOp63MLJFz6m0sA0/PLmGajY=
Received: by 10.204.154.203 with SMTP id p11mr4072619bkw.180.1257189074613; Mon, 02 Nov 2009 11:11:14 -0800 (PST)
Received: from ?10.100.1.196? (adsl8-169.ath.forthnet.gr [77.49.199.169]) by mx.google.com with ESMTPS id 26sm7457242fks.32.2009.11.02.11.11.13 (version=SSLv3 cipher=RC4-MD5); Mon, 02 Nov 2009 11:11:14 -0800 (PST)
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Message-ID: <4AEF2ECF.5020906@gnutls.org>
Date: Mon, 02 Nov 2009 21:11:11 +0200
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: Wan-Teh Chang <wtc@google.com>
References: <OFCFFB440A.DEB1CEA7-ON4A257661.007208C6-4A257661.007271E8@au1.ibm.com> <4AEDFED0.7060505@pobox.com> <e8c553a60911021002p504049feqfa2da5b154e66c9@mail.gmail.com>
In-Reply-To: <e8c553a60911021002p504049feqfa2da5b154e66c9@mail.gmail.com>
X-Enigmail-Version: 0.95.7
OpenPGP: id=96865171
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: tls@ietf.org
Subject: Re: [TLS] Server Signature Algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2009 19:10:58 -0000

Wan-Teh Chang wrote:

> Nikos: GnuTLS is one of the first TLS 1.2 implementations.
> How does GnuTLS deal with this issue now?  Does it compute
> hashes of all the hash algorithms it supports on the handshake
> messages, or does it buffer the handshake messages until
> the hash algorithm has been selected?

This part was only recently implemented. The current behavior is to not
buffer messages in order to keep common code base for all TLS versions
(none of the SSL, or TLS protocols so far required such buffering).
What we do is hash all the handshake messages with SHA-1 and SHA-256 and
hope that those will be among the choices of the server.

This works but it is a time bomb. Once one sets up a server that
requests some signature algorithm not in this set we do not complete
handshake.

regards,
Nikos