IETF Logo Mail Archive

Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

Dave Garrett <davemgarrett@gmail.com> Sat, 11 July 2015 21:09 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E0EA71ACD21 for <tls@ietfa.amsl.com>; Sat, 11 Jul 2015 14:09:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gg8zZekOq9wh for <tls@ietfa.amsl.com>; Sat, 11 Jul 2015 14:09:30 -0700 (PDT)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2ACFF1ACD1D for <tls@ietf.org>; Sat, 11 Jul 2015 14:09:30 -0700 (PDT)
Received: by qkhu186 with SMTP id u186so229061621qkh.0 for <tls@ietf.org>; Sat, 11 Jul 2015 14:09:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=U16qCiWBQvjUPfjeX0LwtxFXUHwJW57WSMkmPwGGbuo=; b=V08bVhg28y3hKJYbDoc44M0wFwHGdolICPQWB43orGQ0iAmNFSzjTvJy9NFp591+HK cWy/qYlbSsBmQhey4PQYt79AJ4WOYyCWinawtg9pper41BexBLhah1B4sYnE+voIHZiZ +YJbjqq2kbheF/OkSur3PGSFtjirdBlYlFCb0O3SScqdM1Ble64jTWMpczBV/coZXOAv 5tjb+c2gY6NWgd7b91tXTTtS9ypQN9hW671xKsX2486dp6/sR6Zht2ZoVExf6M3rFzU7 Q/H/yJLcSAd1dAcAxB1jZpOAabMemyyIP/elSYU08nfNYOylJg74QYkTF61yzd6eNGTr g9qw==
X-Received: by 10.140.165.150 with SMTP id l144mr43197004qhl.99.1436648969445; Sat, 11 Jul 2015 14:09:29 -0700 (PDT)
Received: from dave-laptop.localnet (pool-96-245-254-195.phlapa.fios.verizon.net. [96.245.254.195]) by smtp.gmail.com with ESMTPSA id 59sm8307985qgj.12.2015.07.11.14.09.28 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 11 Jul 2015 14:09:28 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: Viktor Dukhovni <ietf-dane@dukhovni.org>
Date: Sat, 11 Jul 2015 17:09:27 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-74-generic-pae; KDE/4.4.5; i686; ; )
References: <CALuAYvbteowTeyWe9VneRHgyvzTRS3LfKdorWt=jmEy2k+wNqw@mail.gmail.com> <201507111605.01407.davemgarrett@gmail.com> <20150711204810.GU28047@mournblade.imrryr.org>
In-Reply-To: <20150711204810.GU28047@mournblade.imrryr.org>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201507111709.27725.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/yQp89ocOYPRHpS96829IVXP0AgA>
Cc: tls@ietf.org
Subject: Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jul 2015 21:09:32 -0000

On Saturday, July 11, 2015 04:48:10 pm Viktor Dukhovni wrote:
> Largely close enough.  Feel free to borrow any text from the below
> that you find to be an improvement.
> 
>     ========================================
> 
>     Whenever possible, all certificates provided by the server
>     SHOULD be signed by a hash/signature algorithm pair indicated
>     by the client's supported algorithms extension (or the defaults
>     assumed in its absence).  If the server cannot produce a
>     certificate chain that is signed via only the indicated supported
>     pairs, then it SHOULD continue the handshake by sending the
>     client a certificate chain of its choice that may include
>     hash/signature algoriths that are not known to be supported by
>     the client.
> 
>     The public key in the leaf certificate must of course be
>     compatible with the chosen cipher-suite, and the subsequent
>     ServerKeyExchange message must be signed via a mutually supported
>     hash/signature algorithm pair.
> 
>     If the client cannot construct a satisfactory chain using the
>     provided certificates and decides to abort the handshake, then
>     it MUST send an "unsupported_certificate" alert message and
>     close the connection.
> 
>     ========================================

The middle bit is already in existing text above the section in question.

New version with a little rewording and a typo fix.

\/

========================================
All certificates provided by the server SHOULD be signed by a
hash/signature algorithm pair indicated by the client's
"signature_algorithms" extension (or the defaults assumed in
its absence), where possible. If the server cannot produce a
certificate chain that is signed only via the indicated supported
pairs, then it SHOULD continue the handshake by sending the
client a certificate chain of its choice that may include algorithms
that are not known to be supported by the client. If the client
cannot construct an acceptable chain using the provided certificates
and decides to abort the handshake, then it MUST send an
"unsupported_certificate" alert message and close the connection.
========================================


Dave

v2.23.0 | Report a Bug | By Email