Re: [TLS] Two notes on TLS 1.2 after implementing it in GnuTLS



Further, appendix H of PKCS1B contains additional discussions:

   *  The requirement that the parameters in an AlgorithmIdentifier
      value for id-sha1, id-sha256, id-sha384, and id-sha512 be NULL was
      changed to a recommendation that the parameters be omitted (while
      still allowing the parameters to be NULL). This is to align with
      the definitions originally promulgated by NIST. Implementations
      MUST accept AlgorithmIdentifier values both without parameters and
      with NULL parameters.

I note that Mike's server required a NULL here.  I initially didn't
send one; my ASN.1 library computed a DER encoding with an omitted
parameters field.  For reference, that DER code is:

  SHA-1: 30 1f 30 07 06 05 2b 0e 03 02 1a 04 14 || H

Mike's server didn't accept this.

This will lead to interoperability problems with TLS 1.2 unless the
specification is more explicit about the problem.

I have to admit I don't understand this issue. That's because I didn't write any RSA code myself. I used to use OpenSSL for SSL/TLS, but was never sure if my code was correct, so I decided to write my own implementation. However, I am comfortable with the functions in OpenSSL's libcrypto, so I used that for all public-key algorithms and bulk encryption.

Perhaps I need to write my own RSA code instead of relying on OpenSSL
EVP functions for signing/verifying?

Mike
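The DigestInfo encodings at issue in this thread, as an added worked example (not code from either poster, GnuTLS or OpenSSL): it builds the EMSA-PKCS1-v1_5 encoded message both with NULL AlgorithmIdentifier parameters and with the parameters omitted, and pairs a strict verifier (NULL only, the behaviour Simon observed) with a lenient one that accepts both forms, as PKCS #1 v2.1 requires. The DER helper only handles short-form lengths, which is all a DigestInfo needs; the function and variable names are this example's own, and the OIDs are the ones listed in RFC 3447 for these hashes. Verification compares the whole encoded message against each expected encoding rather than parsing the signature's DER, which is the comparison RFC 3447 recommends and avoids a lenient parser.

```python
"""DigestInfo with and without NULL parameters, and two verifiers."""
import hashlib
import hmac

# DER contents octets of the hash OIDs from RFC 3447 / RFC 5246.
_OIDS = {
    "sha1":   bytes.fromhex("2b0e03021a"),          # 1.3.14.3.2.26
    "sha256": bytes.fromhex("608648016503040201"),  # 2.16.840.1.101.3.4.2.1
    "sha384": bytes.fromhex("608648016503040202"),  # 2.16.840.1.101.3.4.2.2
    "sha512": bytes.fromhex("608648016503040203"),  # 2.16.840.1.101.3.4.2.3
}


def _der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV; short-form length only (enough for any DigestInfo)."""
    if len(body) >= 128:
        raise ValueError("long-form length not needed here")
    return bytes([tag, len(body)]) + body


def digest_info(alg: str, h: bytes, null_params: bool) -> bytes:
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest }.

    AlgorithmIdentifier is SEQUENCE { OID, NULL } when null_params is True,
    and SEQUENCE { OID } (parameters absent) when it is False.
    """
    oid = _der(0x06, _OIDS[alg])
    params = _der(0x05, b"") if null_params else b""
    alg_id = _der(0x30, oid + params)
    return _der(0x30, alg_id + _der(0x04, h))


def emsa_pkcs1_v15_encode(alg: str, message: bytes, em_len: int,
                          null_params: bool = True) -> bytes:
    """EMSA-PKCS1-v1_5 (RFC 3447 9.2): 00 01 FF..FF 00 || DigestInfo."""
    h = hashlib.new(alg, message).digest()
    t = digest_info(alg, h, null_params)
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def verify_em_strict(alg: str, message: bytes, em: bytes) -> bool:
    """Accepts only the NULL-parameters form (rejects GnuTLS's encoding)."""
    expected = emsa_pkcs1_v15_encode(alg, message, len(em), null_params=True)
    return hmac.compare_digest(em, expected)


def verify_em_lenient(alg: str, message: bytes, em: bytes) -> bool:
    """Accepts both forms, as PKCS #1 v2.1 appendix H / RFC 4055 require.

    Comparing the full encoded message against each candidate avoids having
    to parse attacker-controlled DER at all.
    """
    for null_params in (True, False):
        expected = emsa_pkcs1_v15_encode(alg, message, len(em), null_params)
        if hmac.compare_digest(em, expected):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample input: the prefixes printed here are the fixed
    # DigestInfo headers that precede the 20-byte SHA-1 digest H.
    h = hashlib.sha1(b"constructed sample message").digest()
    print("omitted params:", digest_info("sha1", h, False)[:13].hex(" "))
    print("NULL params:   ", digest_info("sha1", h, True)[:15].hex(" "))
    em = emsa_pkcs1_v15_encode("sha1", b"hello", 128, null_params=False)
    print("strict verifier: ", verify_em_strict("sha1", b"hello", em))
    print("lenient verifier:", verify_em_lenient("sha1", b"hello", em))
```

Run as-is it prints the two SHA-1 headers (`30 1f 30 07 06 05 2b 0e 03 02 1a 04 14` and `30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14`) and shows the strict verifier rejecting an encoding the lenient one accepts. In a real verifier the encoded message comes from applying the RSA public operation to the signature and left-padding the result to the modulus length; the comparison step is unchanged.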

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.