Re: [TLS] Server Signature Algorithms

To: "Michael D'Errico" <mike-list at pobox.com>, Nikos Mavrogiannopoulos <nmav at gnutls.org>
Subject: Re: [TLS] Server Signature Algorithms
From: Wan-Teh Chang <wtc at google.com>
Date: Mon, 2 Nov 2009 10:02:41 -0800
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1257184967; bh=PqjVPO5aGqG9+fK8MhGxJNZqSxc=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type:Content-Transfer-Encoding; b=ceB+OysO0Uwd6WFq+p6n3VBcF8h7WVBSorSji4cZfvwW2Rtvkr9o8qV9VDjHJVU7P hi/mI6q5Y96qJDIdNBt5Q==
Domainkey-signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:date:message-id:subject:from:to: cc:content-type:content-transfer-encoding:x-system-of-record; b=cXxLm7FIJsFuIoc7fC6T8kIOQ2hLu4K+efEa0MLUNu/17vbNk2Yb6NKJKdFR0fsqu U2hwM+Jqnyp1NiGXpL64A==
In-reply-to: <4AEDFED0.7060505 at pobox.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <OFCFFB440A.DEB1CEA7-ON4A257661.007208C6-4A257661.007271E8 at au1.ibm.com> <4AEDFED0.7060505 at pobox.com>

On Sun, Nov 1, 2009 at 1:34 PM, Michael D'Errico <mike-list at pobox.com> wrote:
> So instead of changing the existing signature_algorithms extension,
> nothing would break by creating a new server_signature_algorithms
> extension.  Client support would be advertised by sending an empty
> extension to the server.  The server would show support by replying
> with its list.

Michael: I agree this would be the safest solution which
eliminates the concern of breaking some TLS 1.2 implementation,
at the cost of adding a new TLS extension.

This would be an example of a "server-oriented" extension
described in Sec. 2.3, page 7 of RFC 4366.

Nikos: GnuTLS is one of the first TLS 1.2 implementations.
How does GnuTLS deal with this issue now?  Does it compute
hashes of all the hash algorithms it supports on the handshake
messages, or does it buffer the handshake messages until
the hash algorithm has been selected?

Wan-Teh

Follow-Ups:
- Re: [TLS] Server Signature Algorithms
  - From: Nikos Mavrogiannopoulos

References:
- Re: [TLS] Server Signature Algorithms
  - From: Michael Gray
- Re: [TLS] Server Signature Algorithms
  - From: Michael D'Errico

Prev by Date: Re: [TLS] Server Signature Algorithms
Next by Date: Re: [TLS] Server Signature Algorithms
Previous by thread: Re: [TLS] Server Signature Algorithms
Next by thread: Re: [TLS] Server Signature Algorithms
Index(es):
- Date
- Thread

Re: [TLS] Server Signature Algorithms

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.