[TLS] draft-rescorla-tls-suiteb-11.txt
I have some questions on how a client and server will be able to comply with this draft and negotiate TLS 1.2.
Assume the following:
- server and client are Suite B compliant
- both support TLS 1.2, TLS 1.1, and TLS 1.0
- both support ecdsa/sha256, ecdsa/sha384, ecdsa/sha1
- both support secp256r1 and secp384r1
When the client encodes the ClientHello it must not encode the signature_algorithms extension (see RFC 5246 section 7.4.1.4.1).
This means that when the server tries to process the ClientHello it can only assume that the client supports ecdsa/sha1 with TLS 1.2.
But for TLS 1.0 and TLS 1.1 there are no restrictions on the signature/hash algorithm.
draft-rescorla-tls-suiteb-11.txt requires that the server certificate use ecdsa/sha384/secp384r1 for ciphersuites with 192-bit security
and ecdsa/sha256/secp256r1 for ciphersuites with 128-bit security.
So I don't see how TLS 1.2 can ever be supported in this scenario.
-----------------------------------------------
Robert Dugal
Member of Development Group
Certicom Corp.
EMAIL: rdugal at certicom.com
PHONE: (905) 501-3848
FAX : (905) 507-4230
WEBSITE: www.certicom.com
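
The server-side reasoning in the message above, as an added example that is not part of the original post or of the draft: it applies the RFC 5246 section 7.4.1.4.1 default for a ClientHello that carries no signature_algorithms extension and compares the result with the certificate signatures the message says the draft requires. The function names, the extension map and the sample bytes are constructed for illustration.

```python
import struct

# HashAlgorithm / SignatureAlgorithm code points from RFC 5246 section 7.4.1.4.1
HASH = {2: "sha1", 4: "sha256", 5: "sha384"}
SIG = {1: "rsa", 2: "dsa", 3: "ecdsa"}
EXT_SIGNATURE_ALGORITHMS = 13

# Certificate signature required per security level, as stated in the message.
SUITE_B_CERT = {128: ("sha256", "ecdsa"), 192: ("sha384", "ecdsa")}


def parse_signature_algorithms(ext_data: bytes):
    """Decode the extension body: 2-byte list length, then (hash, sig) byte pairs."""
    if len(ext_data) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (length,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if length != len(body) or length == 0 or length % 2:
        raise ValueError("malformed supported_signature_algorithms list")
    pairs = []
    for i in range(0, length, 2):
        h, s = body[i], body[i + 1]
        pairs.append((HASH.get(h, f"hash_{h}"), SIG.get(s, f"sig_{s}")))
    return pairs


def effective_algorithms(extensions: dict, default_sig: str = "ecdsa"):
    """What a TLS 1.2 server may assume the client accepts.

    With the extension absent, RFC 5246 has the server behave as if the client
    had sent {sha1, <sig of the key exchange>}; ECDHE_ECDSA gives {sha1, ecdsa}.
    """
    data = extensions.get(EXT_SIGNATURE_ALGORITHMS)
    if data is None:
        return [("sha1", default_sig)]
    return parse_signature_algorithms(data)


def suite_b_cert_usable(extensions: dict, security_bits: int) -> bool:
    """True if the required certificate signature is in the assumed list."""
    return SUITE_B_CERT[security_bits] in effective_algorithms(extensions)


# Constructed ClientHello extension maps (extension type -> extension_data).
HELLO_WITHOUT_EXT = {}
HELLO_WITH_EXT = {13: bytes.fromhex("0006" "0503" "0403" "0203")}

if __name__ == "__main__":
    for name, hello in (("absent", HELLO_WITHOUT_EXT), ("present", HELLO_WITH_EXT)):
        print(name, effective_algorithms(hello),
              suite_b_cert_usable(hello, 128), suite_b_cert_usable(hello, 192))
```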