
[TLS] RE: WGLC - Stepping up Hash



Stefan Santesson wrote:

> This was discussed at the TLS meeting and not accepted mainly 
> for the following reasons:
> 
> 1) It would be very hard to specify the specific conditions 
> for when a server can or cannot step up the used hash algorithm.
> 2) We need servers to behave uniformly on this issue.
> 
> I would however challenge condition 2) and if condition 2) is 
> not necessary, then condition 1) falls as well.
> Why is it important that all servers are designed to handle 
> this situation uniformly? 

Completely uniform server behavior is perhaps not needed, 
but interoperability is.

> I fail to see the harm if some servers successfully deploy
> better security while other servers in the same situation would
> choose to stick to the default security level.
>
> As long as the server can determine successfully the capacity 
> of the client and successfully communicate the choice of 
> algorithms, then the only thing that can happen is that we 
> would simply allow the server to choose better security.
> 
> If there is no need for all servers to provide a uniform 
> behavior then we don't need to specify the exact conditions 
> under which the server can gain knowledge of the client's 
> capacity. This can range from local configuration and local 
> policy to a local convention based on the ciphersuites 
> supported by the client.

Do you mean something along the lines of "if the client
proposes ciphersuite TLS_X_WITH_Y, then the server assumes
that the client will also support hash Z, even though
the client didn't include Z in the signature_algorithms
extension"?

This sounds like a recipe for horrible interop problems
unless the specification actually says that "all implementations
which support TLS_X_WITH_Y must also support hash Z". While
this could perhaps be done, I don't quite understand why
it would be useful: if the client does indeed support Z, it 
will include it in the signature_algorithms list. If it
doesn't include it, it either doesn't support it, or does
not want to use it (in this context).

Best regards,
Pasi
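The server-side decision Pasi describes, as an added example that is not part of this thread or of any TLS implementation: the server parses the client's TLS 1.2 signature_algorithms extension (RFC 5246, section 7.4.1.4.1: a 2-byte length followed by hash/signature byte pairs), chooses the strongest hash it prefers among those the client actually listed for the signature algorithm in use, and falls back to the RFC 5246 default pair {sha1, sig} only when the extension is absent. It never "steps up" to a hash the client did not list, which is the interop hazard of inferring hash support from the ciphersuite list. The server preference order and the client extension bytes in the test are constructed for illustration.

```python
import struct

# Code points from RFC 5246 section 7.4.1.4.1 (HashAlgorithm / SignatureAlgorithm).
HASH_NAMES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {1: "rsa", 2: "dsa", 3: "ecdsa"}

# Server-side preference, strongest first (constructed policy for this example).
SERVER_HASH_PREFERENCE = ["sha512", "sha384", "sha256", "sha224", "sha1"]


def parse_signature_algorithms(ext_body: bytes):
    """Parse the body of a signature_algorithms extension: a 2-byte length
    followed by (hash, signature) byte pairs. Returns a list of
    (hash_name, sig_name) tuples; unknown code points are kept as ints."""
    if len(ext_body) < 2:
        raise ValueError("extension body too short")
    (length,) = struct.unpack("!H", ext_body[:2])
    pairs = ext_body[2:2 + length]
    # The vector must be complete and consist of whole pairs.
    if len(pairs) != length or length % 2 != 0:
        raise ValueError("malformed supported_signature_algorithms vector")
    result = []
    for i in range(0, length, 2):
        h, s = pairs[i], pairs[i + 1]
        result.append((HASH_NAMES.get(h, h), SIG_NAMES.get(s, s)))
    return result


def choose_hash(server_sig: str, client_list):
    """Pick the strongest hash in the server's preference order among those
    the client listed for server_sig. Returns None if the client listed no
    hash the server is willing to use with that signature algorithm."""
    offered = {h for h, s in client_list if s == server_sig}
    for h in SERVER_HASH_PREFERENCE:
        if h in offered:
            return h
    return None


def negotiate(server_sig: str, ext_body):
    """If the client sent signature_algorithms, choose only from that list.
    If it is absent (ext_body is None), RFC 5246 says to behave as if the
    client had sent {sha1, server_sig}. Nothing here looks at the ciphersuite
    list to guess a hash the client did not advertise."""
    if ext_body is None:
        return "sha1"
    return choose_hash(server_sig, parse_signature_algorithms(ext_body))
```

A client that lists only {sha1, rsa} gets sha1 from this server even though the server itself prefers sha512; that is exactly the behaviour Pasi argues for, since a client that supports a stronger hash and wants it used has the means to say so in the extension.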


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls