Re: [TLS] Any advice regarding frequency of generating
Peter Williams wrote:
>
> Martin:
>
> RSA ephemeral is not "prohibited". Is not standardized, that's true.

They are standardized and required for SSL ciphersuites with the
RSA_EXPORT key exchange method when a Server cert with an
RSA key >512 bit is being used.

quoting rfc2246 (tls v1.0) 7.4.3. Server key exchange message:

   When this message will be sent:
       This message will be sent immediately after the server
       certificate message (or the server hello message, if this is an
       anonymous negotiation).

       The server key exchange message is sent by the server only when
       the server certificate message (if sent) does not contain enough
       data to allow the client to exchange a premaster secret. This is
       true for the following key exchange methods:

           RSA_EXPORT (if the public key in the server certificate is
           longer than 512 bits)
           DHE_DSS
           DHE_DSS_EXPORT
           DHE_RSA
           DHE_RSA_EXPORT
           DH_anon

       It is not legal to send the server key exchange message for the
       following key exchange methods:

           RSA
           RSA_EXPORT (when the public key in the server certificate is
           less than or equal to 512 bits in length)
           DH_DSS
           DH_RSA

rfc2246 says "It is not legal" to use ephemeral RSA for ciphersuites
with the RSA key exchange method. And while the first part at least
mentions the possibility of sign-only RSA keys, the second part
completely ignores them.

What is that supposed to mean anyway? "Not legal (under some jurisdictions?)
but well within the spec" or "MUST NOT send/use" in spec language?

>
> With Russ's non-repudiation proposal, a TLS session can be a form of
> signature.

Btw. I completely and thoroughly dislike Russ' proposal for non-repudiation
(he used the disguise terminology "evidence" though), both from a
technical standpoint, as well as from a "political" perspective.

-Martin
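The RFC 2246 section 7.4.3 text quoted in the message above, written out as a check over a server's handshake flight. This is an added example, not part of the original message or of any TLS implementation; the function names, the list-of-message-names representation and the sample flights are assumptions made for illustration.

```python
# Added example: RFC 2246 section 7.4.3 ServerKeyExchange (SKE) rules as quoted above.
SKE_SENT = {"DHE_DSS", "DHE_DSS_EXPORT", "DHE_RSA", "DHE_RSA_EXPORT", "DH_anon"}
SKE_NOT_LEGAL = {"RSA", "DH_DSS", "DH_RSA"}


def ske_expected(kx, cert_rsa_bits=None):
    """True if SKE is sent for this key exchange, False if it is 'not legal'."""
    if kx in SKE_SENT:
        return True
    if kx in SKE_NOT_LEGAL:
        # The quoted text makes no exception here for sign-only RSA certificates.
        return False
    if kx == "RSA_EXPORT":
        # The only method whose answer depends on the certificate's key length.
        if cert_rsa_bits is None:
            raise ValueError("RSA_EXPORT needs the certificate key length")
        return cert_rsa_bits > 512
    raise ValueError("key exchange not in the quoted lists: " + kx)


def check_server_flight(kx, messages, cert_rsa_bits=None):
    """Return findings for a server flight (hypothetical list of message names)."""
    findings = []
    expected = ske_expected(kx, cert_rsa_bits)
    present = "server_key_exchange" in messages
    if expected and not present:
        findings.append("server_key_exchange missing for " + kx)
    if present and not expected:
        findings.append("server_key_exchange not legal for " + kx)
    if present:
        # Placement rule: right after certificate, or after server_hello if anonymous.
        prev = "server_hello" if kx == "DH_anon" else "certificate"
        i = messages.index("server_key_exchange")
        if i == 0 or messages[i - 1] != prev:
            findings.append("server_key_exchange must immediately follow " + prev)
    return findings


# Constructed sample flights (not captured traffic).
WITH_SKE = ["server_hello", "certificate", "server_key_exchange", "server_hello_done"]
NO_SKE = ["server_hello", "certificate", "server_hello_done"]

if __name__ == "__main__":
    for kx, bits, flight in [("RSA_EXPORT", 1024, WITH_SKE), ("RSA_EXPORT", 512, WITH_SKE),
                             ("RSA", 2048, WITH_SKE), ("DHE_RSA", 2048, NO_SKE)]:
        print(kx, bits, check_server_flight(kx, flight, bits) or "ok")
```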