Re: [TLS] Will CAs decide server signing algorithms in TLS 1.2?

To: tls at ietf.org
Subject: Re: [TLS] Will CAs decide server signing algorithms in TLS 1.2?
From: "Wan-Teh Chang" <wtchang at gmail.com>
Date: Fri, 4 May 2007 08:28:32 -0700
Cc:
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=EYWSIoZkIqeD5wqc+jA6iNZgCoqNnW9JYzBgBF7y+1xuXwHJfQWCzvyYI6wmJuVBV90pk9pVyv06lfWLCSdcugujhBq//3SoSfwHW6BYuyGDHNI5k0ewCVvXLIV74N6CzH35R11RQhvNhwkjncg5ifbGH+WeMgMtxPOq+CHwOds=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=cqF2m9oGrs5j9NSOLrq4vWbgWLHpTqivhBiUiPRVt1gDKUYAtyAX82b0mAlELGQSRASr78CI0cap6RZDTtyvvgfAKoXegL1F0B7jK+6tPA8awgrZEDIPMWYoq+YO6Fz+cM8McMbiEhNNL7zUsg0deAdV/7ZuAsSSqXO6ZdS559U=
In-reply-to: <B356D8F434D20B40A8CEDAEC305A1F2404162FC8@esebe105.NOE.Nokia.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <87slao8y4b.fsf@mocca.josefsson.org> <B356D8F434D20B40A8CEDAEC305A1F2404162FC8@esebe105.NOE.Nokia.com>

On 5/4/07, Pasi.Eronen at nokia.com <Pasi.Eronen at nokia.com> wrote:

Hi Simon,

This issue was discussed in Prague, and I think the conclusion
was that the current text needs to be changed. In other words:
if the client tells it supports RSA+SHA256, the server can
use it even if the CA used RSA+SHA1 to sign the server cert


How does the client tells the server that it supports RSA+SHA256?
By overloading the "Cert Hash Types" hello extension or adding a
new extension specifically for this purpose?

There is a corresponding issue for the client's signature in the
CertificateVerify message.

Another related issue is the longer DSA variants defined in Draft
FIPS 186-3, which aren't hardcoded to use SHA-1.

Wan-Teh

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] Will CAs decide server signing algorithms in TLS 1.2?
  - From: Simon Josefsson
- RE: [TLS] Will CAs decide server signing algorithms in TLS 1.2?
  - From: Pasi.Eronen

Prev by Date: RE: [TLS] Will CAs decide server signing algorithms in TLS 1.2?
Next by Date: [TLS] New Liaison Statement, "Response to "Request to reserve TLS extension type for ITU-T draft Recommendation X.tsm-1""
Previous by thread: RE: [TLS] Will CAs decide server signing algorithms in TLS 1.2?
Next by thread: [TLS] Update on draft-ietf-tls-suiteb
Index(es):
- Date
- Thread

Re: [TLS] Will CAs decide server signing algorithms in TLS 1.2?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.