Re: [TLS] Enforcing keyUsage restrictions (was Re: Safe ECC usage)

Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sat, 12 October 2013 03:23 UTC

Return-Path: <mpg@elzevir.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D829811E81CB for <tls@ietfa.amsl.com>; Fri, 11 Oct 2013 20:23:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.949
X-Spam-Level:
X-Spam-Status: No, score=-1.949 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_FR=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yr64KQZl983B for <tls@ietfa.amsl.com>; Fri, 11 Oct 2013 20:23:48 -0700 (PDT)
Received: from mordell.elzevir.fr (mordell.elzevir.fr [92.243.3.74]) by ietfa.amsl.com (Postfix) with ESMTP id D068511E810E for <tls@ietf.org>; Fri, 11 Oct 2013 20:23:45 -0700 (PDT)
Received: from thue.elzevir.fr (thue.elzevir.fr [88.165.216.11]) by mordell.elzevir.fr (Postfix) with ESMTPS id 24972160C7; Sat, 12 Oct 2013 05:23:43 +0200 (CEST)
Received: from [192.168.0.124] (unknown [192.168.0.254]) by thue.elzevir.fr (Postfix) with ESMTPSA id 7D941299F7; Sat, 12 Oct 2013 05:23:34 +0200 (CEST)
Message-ID: <5258C06B.4010804@elzevir.fr>
Date: Sat, 12 Oct 2013 05:22:19 +0200
From: =?ISO-8859-1?Q?Manuel_P=E9gouri=E9-Gonnard?= <mpg@elzevir.fr>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.0
MIME-Version: 1.0
To: Santosh Chokhani <SChokhani@cygnacom.com>, Brian Smith <brian@briansmith.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
References: <4262AC0DB9856847A2D00EF817E8113908E095@scygexch10.cygnacom.com>
In-Reply-To: <4262AC0DB9856847A2D00EF817E8113908E095@scygexch10.cygnacom.com>
X-Enigmail-Version: 1.5.2
OpenPGP: id=98EED379; url=https://elzevir.fr/gpg/mpg.asc
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Enforcing keyUsage restrictions (was Re: Safe ECC usage)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Oct 2013 03:23:54 -0000

On 12/10/2013 03:15, Santosh Chokhani wrote:
> DS bit for RSA based TLS server is not appropriate since the Server key is
> used by the client to encrypt and never used for digital signature
> verification.
> 
Your seem to have RSA key exchange in mind, while Brian was talking about
ECDHE_RSA or DHE_RSA key exchanges, where the server's RSA key is used to sign
the parameters in the ServerKeyExchange message. The point was precisely that,
if the keyUsage bits were respected, then setting only DS would force to use
only forward secret key exchanges with this certificate.

Manuel.