
Re: "Last call" on draft-altman-tls-channel-bindings-05.txt



On Wed, Aug 19, 2009 at 02:14:38AM +0200, Simon Josefsson wrote:
> Nicolas Williams <Nicolas.Williams@xxxxxxx> writes:
> >    Description: ...
> 
> Looks fine to me.
> 
> > The text you quote is security considerations text; the normative text
> > already says exactly what you ask for.  But OK:
> >
> >         ...  The algorithm to be used, however, is derived from the
> >    certificate's signature as described in Section 4.1; to recap: use
> >    SHA-256 if the certificate signature algorithm uses MD5 or SHA-1,
> >    else use whatever hash function the certificate uses.
> 
> There were two uses of "uses" in the sentence, and the second is still
> present, but at least this is better than before.

Ah yes:

        ...  The algorithm to be used, however, is derived from the
   certificate's signature as described in Section 4.1; to recap: use
   SHA-256 if the certificate signature algorithm uses MD5 or SHA-1,
   else use whatever hash function the certificate signature algorithm
   uses.

> > Now, section 4.1 says "if the certificate's signature hash algorithm is
> > ...".  But perhaps it should say "if the hash algorithm used in the
> > certificate's signatureAlgorithm is ...", just to be really accurate and
> > avoid any possible confusion (with, say, the algorithm field of
> > SubjectPublicKeyInfo).  Yes?
> 
> The more precise the better, although SubjectPublicKeyInfo generally does
> not imply any particular hash function.  But for new implementers, it is
> easy to go wrong if the text is not specific.

So let's add that precision and address signature algs that don't use
hash functions:

   Description: The hash of the TLS server's certificate [RFC5280] as it
   appears, octet for octet, in the server's Certificate message (note
   that the Certificate message contains a certificate_list, the first
   element of which is the server's certificate.)  The hash function is
   to be selected as follows: if the hash algorithm used in the
   certificate's signatureAlgorithm is either MD5 [RFC1321] or SHA-1
   [RFC3174] or if the certificate's signatureAlgorithm does not use any
   hash functions, then use SHA-256 [FIPS-180-2], otherwise use whatever
   hash algorithm is used by the certificate's signatureAlgorithm.

Nico
--
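The hash-selection rule in the proposed Description text above, worked through as an added example that is not part of this thread or of the draft: a minimal DER walk down to the certificate's signatureAlgorithm OID (the second field of the outer Certificate SEQUENCE, distinct from SubjectPublicKeyInfo.algorithm), followed by the draft's rule for choosing the digest. The OID-to-hash table, the decision to reject unknown OIDs rather than guess, and the two skeleton certificates are constructed here for illustration and do not come from the draft.

```python
import hashlib

# Hash named by common signatureAlgorithm OIDs; an algorithm using no hash would map to None.
SIG_ALG_HASH = {
    "1.2.840.113549.1.1.4": "md5",      # md5WithRSAEncryption
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.10045.4.3.3": "sha384",    # ecdsa-with-SHA384
}

def _tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, contents, end offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(contents):
    """Dotted form of an OBJECT IDENTIFIER's contents octets (base-128 arcs)."""
    arcs, acc = [contents[0] // 40, contents[0] % 40], 0
    for b in contents[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(cert_der):
    """OID in Certificate.signatureAlgorithm, the 2nd field of the outer SEQUENCE."""
    tag, body, _ = _tlv(cert_der, 0)     # Certificate ::= SEQUENCE { ... }
    _, _, pos = _tlv(body, 0)            # skip tbsCertificate
    tag2, alg, _ = _tlv(body, pos)       # signatureAlgorithm AlgorithmIdentifier
    tag3, oid, _ = _tlv(alg, 0)          # algorithm OBJECT IDENTIFIER
    if (tag, tag2, tag3) != (0x30, 0x30, 0x06):
        raise ValueError("not a DER-encoded Certificate")
    return _decode_oid(oid)

def select_hash(cert_der):
    """The draft's rule: SHA-256 for MD5, SHA-1 or no hash; otherwise the cert's own hash."""
    oid = signature_algorithm_oid(cert_der)
    if oid not in SIG_ALG_HASH:          # assumption: unknown OIDs are an error, not a guess
        raise ValueError(f"unknown signatureAlgorithm {oid}")
    h = SIG_ALG_HASH[oid]
    return "sha256" if h in ("md5", "sha1", None) else h

def tls_server_end_point(cert_der):      # digest of the certificate octets exactly as sent
    return hashlib.new(select_hash(cert_der), cert_der).digest()

# Constructed skeleton Certificates (not real ones), differing only in the signature OID.
SHA1_CERT = bytes.fromhex("3018 3003020102 300d06092a864886f70d0101050500 030200aa")
SHA384_CERT = bytes.fromhex("3017 3003020102 300c06082a8648ce3d0403030500 030200aa")
```

SHA1_CERT carries sha1WithRSAEncryption and so binds with SHA-256; SHA384_CERT carries ecdsa-with-SHA384 and binds with SHA-384.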