Re: [TLS] TLS 1.2 hash agility

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [TLS] TLS 1.2 hash agility
From: Mike <mike-list at pobox.com>
Date: Wed, 26 Sep 2007 22:45:59 -0700
Cc: tls at ietf.org
In-reply-to: <46FA91E8.5020303@pobox.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <46ABB82D.8090709@pobox.com> <46ACCCCB.8000201@pobox.com> <B356D8F434D20B40A8CEDAEC305A1F24046B2496@esebe105.NOE.Nokia.com> <20070914215611.0342933C21@delta.rtfm.com> <46EB102E.2070900@pobox.com> <20070914225606.9E9B433C21@delta.rtfm.com> <46EC2AE7.9040903@pobox.com> <20070917185820.6E7CC33C3A@delta.rtfm.com> <46FA745A.3070305@pobox.com> <20070926152907.8A60B33C23@delta.rtfm.com> <46FA91E8.5020303@pobox.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

This has two advantages over the extension:
1. It works even if the client doesn't offer the extension.


You could make the extension mandatory for TLS 1.2 or later.  Even
if it is not mandatory, if the client does not specify the extension,
there are default capabilities that can be assumed.  If the server
requires that the client authenticate with a certificate, and also
that the default algorithms are unacceptable, it can abort the
session immediately after ClientHello is received, which is an
added performance benefit.


I realized half way through an all-day meeting that this performance
benefit does not depend on where you put the server's list of
signature algorithms; so it is not a valid argument for the server
extension.

2. It puts the parameters for the certificate in the same place
   as the request for it.


While I agree that this is in general good design, my opinion is
that the other factors outweigh it.  Gentlemen can disagree.


I spent the rest of the meeting trying to come up with other valid
reasons for using the extension to advertise the server's
capabilities, versus putting them in the CertificateRequest.  The
only thing I could come up with is that putting the list of
signature algorithms in the CertificateRequest is a change to the
format of that message, so it requires version-specific processing,
whereas if you use the server extension, the format of Certificate
Request is the same as previous TLS versions.

Mike

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- RE: [TLS] TLS 1.2 hash agility
  - From: Pasi.Eronen

References:
- [TLS] TLS 1.2
  - From: Mike
- [TLS] TLS 1.2 hash agility
  - From: Mike
- RE: [TLS] TLS 1.2 hash agility
  - From: Pasi.Eronen
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike

Prev by Date: Re: [TLS] TLS 1.2 hash agility
Next by Date: Re: [TLS] TLS 1.2 hash agility
Previous by thread: Re: [TLS] TLS 1.2 hash agility
Next by thread: RE: [TLS] TLS 1.2 hash agility
Index(es):
- Date
- Thread

Re: [TLS] TLS 1.2 hash agility

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.