RE: [TLS] TLS 1.2 hash agility

To: <mike-list at pobox.com>, <tls at ietf.org>
Subject: RE: [TLS] TLS 1.2 hash agility
From: <Pasi.Eronen at nokia.com>
Date: Thu, 27 Sep 2007 12:30:42 +0300
Cc:
In-reply-to: <46FA745A.3070305@pobox.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <46ABB82D.8090709@pobox.com> <46ACCCCB.8000201@pobox.com><B356D8F434D20B40A8CEDAEC305A1F24046B2496@esebe105.NOE.Nokia.com><20070914215611.0342933C21@delta.rtfm.com><46EB102E.2070900@pobox.com><20070914225606.9E9B433C21@delta.rtfm.com><46EC2AE7.9040903@pobox.com><20070917185820.6E7CC33C3A@delta.rtfm.com> <46FA745A.3070305@pobox.com>
Thread-index: AcgAT20UH9clMuy8RXejWUQWyIGXsgAmQbBg
Thread-topic: [TLS] TLS 1.2 hash agility

mike-list at pobox.com wrote:

> > - In the case of the ServerKeyExchange, the client signals his
> >   support in this extension *and* in the cipher suite.
> 
> The cipher suite doesn't have all the information about which
> signature algorithm to use.
> 
>      TLS_RSA_WITH_RC4_128_MD5
>      TLS_RSA_WITH_RC4_128_SHA
>      TLS_RSA_WITH_3DES_EDE_CBC_SHA
>      TLS_RSA_WITH_AES_128_CBC_SHA
>      TLS_RSA_WITH_AES_256_CBC_SHA
> 
> The above cipher suites specify that the public key in the
> certificate must be an RSA key, but they don't say anything about
> what algorithm is used to sign the certificate.

In TLS 1.0 and 1.1, these ciphersuites required that the certificate
is also signed with RSA. (But that's something we can change in 
TLS 1.2, if we so decide.)

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] TLS 1.2
  - From: Mike
- [TLS] TLS 1.2 hash agility
  - From: Mike
- RE: [TLS] TLS 1.2 hash agility
  - From: Pasi.Eronen
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike

Prev by Date: Re: [TLS] TLS 1.2 hash agility
Next by Date: RE: [TLS] TLS 1.2 hash agility
Previous by thread: RE: [TLS] TLS 1.2 hash agility
Next by thread: Re: [TLS] TLS 1.2
Index(es):
- Date
- Thread

RE: [TLS] TLS 1.2 hash agility

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.