Re: [TLS] TLS 1.2 hash agility

Mike <mike-list@pobox.com> Wed, 26 September 2007 17:08 UTC

Return-path: <tls-bounces@lists.ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IaaNc-0001IU-BV; Wed, 26 Sep 2007 13:08:56 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IaaNa-0001Fz-QV for tls@ietf.org; Wed, 26 Sep 2007 13:08:55 -0400
Received: from sceptre.pobox.com ([207.106.133.20]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IaaNE-0005ye-DK for tls@ietf.org; Wed, 26 Sep 2007 13:08:32 -0400
Received: from sceptre (localhost.localdomain [127.0.0.1]) by sceptre.pobox.com (Postfix) with ESMTP id BB5CE2F9; Wed, 26 Sep 2007 13:08:52 -0400 (EDT)
Received: from [192.168.1.8] (wsip-24-234-114-35.lv.lv.cox.net [24.234.114.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by sceptre.sasl.smtp.pobox.com (Postfix) with ESMTP id 5303D83262; Wed, 26 Sep 2007 13:08:51 -0400 (EDT)
Message-ID: <46FA91E8.5020303@pobox.com>
Date: Wed, 26 Sep 2007 10:07:52 -0700
From: Mike <mike-list@pobox.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Eric Rescorla <ekr@networkresonance.com>
Subject: Re: [TLS] TLS 1.2 hash agility
References: <46ABB82D.8090709@pobox.com> <46ACCCCB.8000201@pobox.com> <B356D8F434D20B40A8CEDAEC305A1F24046B2496@esebe105.NOE.Nokia.com> <20070914215611.0342933C21@delta.rtfm.com> <46EB102E.2070900@pobox.com> <20070914225606.9E9B433C21@delta.rtfm.com> <46EC2AE7.9040903@pobox.com> <20070917185820.6E7CC33C3A@delta.rtfm.com> <46FA745A.3070305@pobox.com> <20070926152907.8A60B33C23@delta.rtfm.com>
In-Reply-To: <20070926152907.8A60B33C23@delta.rtfm.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

>> At the risk of being redundant, I assert that making this extension
>> symmetric and allowing the server to respond with its own list of
>> supported algorithms, is better than having the server send its
>> list every place where it is needed (now and in the future).  Send
>> it once in ServerHello, and use it where it's needed.
> 
> There is only one place where it's needed: CertificateRequest.

That is true at the moment, but if a future addition to the protocol
also requires a signature, you will need to send the list twice.

> This has two advantages over the extension:
> 1. It works even if the client doesn't offer the extension.

You could make the extension mandatory for TLS 1.2 or later.  Even
if it is not mandatory, if the client does not specify the extension,
there are default capabilities that can be assumed.  If the server
requires that the client authenticate with a certificate, and also
that the default algorithms are unacceptable, it can abort the
session immediately after ClientHello is received, which is an
added performance benefit.

> 2. It puts the parameters for the certificate in the same place
>    as the request for it.

While I agree that this is in general good design, my opinion is
that the other factors outweigh it.  Gentlemen can disagree.

Mike

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls