Re: [TLS] TLS 1.2 hash agility

To: Eric Rescorla <ekr at networkresonance.com>
Subject: Re: [TLS] TLS 1.2 hash agility
From: Mike <mike-list at pobox.com>
Date: Thu, 27 Sep 2007 07:18:38 -0700
Cc: tls at ietf.org
In-reply-to: <46FB4397.6040203@pobox.com>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <46ABB82D.8090709@pobox.com> <46ACCCCB.8000201@pobox.com> <B356D8F434D20B40A8CEDAEC305A1F24046B2496@esebe105.NOE.Nokia.com> <20070914215611.0342933C21@delta.rtfm.com> <46EB102E.2070900@pobox.com> <20070914225606.9E9B433C21@delta.rtfm.com> <46EC2AE7.9040903@pobox.com> <20070917185820.6E7CC33C3A@delta.rtfm.com> <46FA745A.3070305@pobox.com> <20070926152907.8A60B33C23@delta.rtfm.com> <46FA91E8.5020303@pobox.com> <46FB4397.6040203@pobox.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

I spent [a lot of time] trying to come up with other valid
reasons for using the extension to advertise the server's
capabilities, versus putting them in the CertificateRequest.  The
only thing I could come up with is that putting the list of
signature algorithms in the CertificateRequest is a change to the
format of that message, so it requires version-specific processing,
whereas if you use the server extension, the format of Certificate
Request is the same as previous TLS versions.


I came up with a few more ideas, unfortunately at the expense of
not being able to sleep:

  - The extension mechanism was added to TLS to enable the
    addition of functionality without needing to constantly
    change handshake message formats; so I would argue that
    any functionality that -can- be added using an extension
    -should- use an extension instead of modifying messages.
    (Yes, Signature had to change so messages will be
    different, but limiting the damage is a worthy goal.)

  - There is a potential performance benefit on the client
    side: if the client requires better algorithms than the
    defaults and the server either doesn't reply with the
    extension, or if the list doesn't contain an acceptable
    algorithm, then the client can abort the connection
    immediately after parsing the ServerHello message.  It
    can avoid the need to parse the Certificate message to
    determine how it was signed.

The only counter argument I could find is that the server's list
of acceptable algorithms might be different in different places.
Even if so, the client can benefit from knowing the server's
certificate signature algorithms up front, so having the server
respond with the extension is useful.  Then I would suggest
that signature_algorithms in CertificateRequest could be empty,
which would mean, "use the same list given in the server's
signature algorithms extension."

Mike

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla

References:
- [TLS] TLS 1.2
  - From: Mike
- [TLS] TLS 1.2 hash agility
  - From: Mike
- RE: [TLS] TLS 1.2 hash agility
  - From: Pasi.Eronen
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Eric Rescorla
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike
- Re: [TLS] TLS 1.2 hash agility
  - From: Mike

Prev by Date: RE: [TLS] TLS 1.2 hash agility
Next by Date: Re: [TLS] TLS 1.2 hash agility
Previous by thread: RE: [TLS] TLS 1.2 hash agility
Next by thread: Re: [TLS] TLS 1.2 hash agility
Index(es):
- Date
- Thread

Re: [TLS] TLS 1.2 hash agility

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.