IETF Logo Mail Archive

Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 11 July 2015 15:17 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9019E1A8AD0 for <tls@ietfa.amsl.com>; Sat, 11 Jul 2015 08:17:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ly-gEwf9fQDQ for <tls@ietfa.amsl.com>; Sat, 11 Jul 2015 08:17:31 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CA3E1A8ACD for <tls@ietf.org>; Sat, 11 Jul 2015 08:17:31 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id EDA70284D6A; Sat, 11 Jul 2015 15:17:29 +0000 (UTC)
Date: Sat, 11 Jul 2015 15:17:29 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20150711151729.GO28047@mournblade.imrryr.org>
References: <CALuAYvbteowTeyWe9VneRHgyvzTRS3LfKdorWt=jmEy2k+wNqw@mail.gmail.com> <201507101137.44703.davemgarrett@gmail.com> <20150710154912.GU28047@mournblade.imrryr.org> <201507101154.53812.davemgarrett@gmail.com> <20150710160848.GW28047@mournblade.imrryr.org> <BLUPR03MB139645B664D7C3998B2DAA3C8C9F0@BLUPR03MB1396.namprd03.prod.outlook.com> <CABcZeBNs9+h9UWfu=eDC3JBQ1ULCcuBSOK8B9JdDsiX-Ne5g2g@mail.gmail.com> <20150711134516.GA6970@LK-Perkele-VII> <CABcZeBO2k230mP+qpP+Mfr3ee9tsvWe6BOcAgCtYxj3=PzOZPg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABcZeBO2k230mP+qpP+Mfr3ee9tsvWe6BOcAgCtYxj3=PzOZPg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/zeCxy-lDI8p44Zly9H2UFJo-09U>
Subject: Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jul 2015 15:17:32 -0000

On Sat, Jul 11, 2015 at 09:55:45AM -0400, Eric Rescorla wrote:

> This makes a certain amount of sense (though I wonder how often it's really
> an issue that a server declines to send a certificate that would otherwise
> have worked to a compliant client [0]).

Every time with Schannel, Exchange SMTP servers, and opportunistic
TLS SMTP clients.

> Perhaps the right text here is that if you have a conformant certificate,
> you MUST send it, but if not, you MAY send a nonconformant one?

Correct.  It is important to try to match a supported algorithm,
but failing that, send what you have.  It may well work just fine
for the client, since the signatures in question are not made in
real-time by the server, but rather at some previous time by some
CA, which the client may not care about (pinned leaf cert, DANE
leaf cert, opportunistic TLS, ...).

And the point about debugging also makes sense.  The client
administrator can much more easily determine which additional
algorithm is required to interoperate with the server.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email