Re: [TLS] DSS with other than SHA-1 algorithms

Juho Vähä-Herttua <juhovh@iki.fi> Wed, 13 April 2011 08:12 UTC

From: Juho Vähä-Herttua <juhovh@iki.fi>
In-Reply-To: <E1Q9tQq-0006Q4-VU@login01.fos.auckland.ac.nz>
Date: Wed, 13 Apr 2011 11:11:18 +0300
Message-Id: <8431E43B-DCE8-4233-AF17-2BFDF8C7F736@iki.fi>
References: <E1Q9tQq-0006Q4-VU@login01.fos.auckland.ac.nz>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: simon@josefsson.org, geoffk@geoffk.org, tls@ietf.org
Subject: Re: [TLS] DSS with other than SHA-1 algorithms

On Apr 13, 2011, at 9:20 AM, Peter Gutmann wrote:
> Eric Rescorla <ekr@rtfm.com> writes:
> 
>> 1. I'm not convinced that the requirement that relying parties check the 
>> signature_algorithm should in fact be relaxed.
> 
> This despite the fact that every single person who responded considered it a 
> really bad idea (and some were far more vigorous in their comments than just 
> "bad idea"), and that no implementation actually checks it?  This sort of
> approach sounds more like PKIX than TLS.

Personally, I was pretty shocked by this comment. Should someone gather the related discussion from the mailing list into a single statement, in case the consensus wasn't clear enough already? I think there was only one argument for the strict checking, which was constrained devices that don't want to implement multiple hash functions and signing methods. But the bad sides presented clearly outweighed the good sides; having multiple certificates for each hash function just to fill this requirement in TLS 1.2 is simply not going to happen... It's far more likely that either the strict checking is ignored or TLS 1.2 is not implemented at all.


Juho
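The "strict checking" the thread argues about is the TLS 1.2 rule that, when a client sends a signature_algorithms extension, every certificate in the server's chain must be signed with a hash/signature pair from that list. The following is an added illustration, not code from the thread, from any participant, or from any IETF document: it parses the extension body using the RFC 5246 codepoints and compares a constructed chain against it in both the strict mode the RFC specifies and the relaxed mode the thread says deployed clients actually have. The extension bytes, the chain description and the function names are all constructed for the example; a real client would derive the chain's algorithm pairs from the certificates themselves.

```python
"""Added illustration of the TLS 1.2 signature_algorithms chain check.
Not code from the mailing-list thread or from any IETF document."""
import struct

# Codepoints from RFC 5246 section 7.4.1.4.1.
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}


def parse_signature_algorithms(ext_body: bytes) -> list:
    """Parse the body of a signature_algorithms extension: a 2-byte length
    followed by (HashAlgorithm, SignatureAlgorithm) byte pairs.
    Malformed input raises ValueError rather than being silently accepted."""
    if len(ext_body) < 2:
        raise ValueError("extension body too short")
    (length,) = struct.unpack("!H", ext_body[:2])
    payload = ext_body[2:]
    if length != len(payload):
        raise ValueError(f"length field {length} != payload {len(payload)} bytes")
    if length < 2 or length % 2:
        raise ValueError("supported_signature_algorithms must be a non-empty, even-length list")
    pairs = []
    for i in range(0, length, 2):
        h, s = payload[i], payload[i + 1]
        # Unknown codepoints are kept as numbers instead of rejected: the peer
        # may simply be newer than this parser.
        pairs.append((HASH_NAMES.get(h, f"hash({h})"), SIG_NAMES.get(s, f"sig({s})")))
    return pairs


def check_chain_algorithms(chain, offered, strict=True):
    """chain: list of (hash, sig) pairs describing how each certificate in the
    server's chain is signed (constructed here). offered: pairs the client listed.
    strict=True implements the RFC 5246 MUST; strict=False is the relaxed
    behaviour the thread describes. Returns (accepted, unlisted_pairs) so a
    relaxed client can still log what it would have rejected."""
    allowed = set(offered)
    unlisted = [pair for pair in chain if pair not in allowed]
    if strict:
        return (not unlisted, unlisted)
    return (True, unlisted)


def demo():
    # Constructed extension body: client lists sha256/rsa, sha1/rsa, sha256/ecdsa.
    ext = bytes.fromhex("0006" "0401" "0201" "0403")
    offered = parse_signature_algorithms(ext)
    # Constructed chain: a DSA leaf signed with SHA-256 (a pair the client did
    # not list) behind an RSA/SHA-1 issuer that it did list.
    chain = [("sha256", "dsa"), ("sha1", "rsa")]
    strict_ok, unlisted = check_chain_algorithms(chain, offered, strict=True)
    relaxed_ok, _ = check_chain_algorithms(chain, offered, strict=False)
    return offered, strict_ok, relaxed_ok, unlisted


if __name__ == "__main__":
    offered, strict_ok, relaxed_ok, unlisted = demo()
    print("client offered:", offered)
    print("strict accepts chain:", strict_ok, "| relaxed accepts chain:", relaxed_ok)
    print("pairs not in the client's list:", unlisted)
```

The same chain passes in relaxed mode and fails in strict mode purely because of the leaf's hash/signature pair, which is the operational cost the thread is weighing: under the strict rule a server would need a separately signed certificate for each hash function its clients might list. Returning the unlisted pairs in both modes lets a relaxed client at least record the mismatch for later review.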