Re: [TLS] Server Signature Algorithms

To: Wan-Teh Chang <wtc at google.com>
Subject: Re: [TLS] Server Signature Algorithms
From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
Date: Mon, 02 Nov 2009 21:11:11 +0200
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type:content-transfer-encoding; bh=pRYZt3lYGyUIFENP/msBd4nPuoI7CUC1oTYToZB1bDM=; b=WCTloiJ3bqHkjoS+pM5JAaVbT0oN5nDUZy3Ex+lwNF3rayOQ6SBkHy3uomxV3FR4Uk KAP5dzV7gpK4rUM1SJb//cH72/DAMg8BXSApnwqtmDC7esUt8y9Bow/gUe5EylJRrEc+ 8R5+0Og3CROPVKnWQA9Bl+33G7OUNvBVdzZI4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type :content-transfer-encoding; b=IDou551JvJXZhEh+/iRSy1mXPd8wbwdiTLNEWEjpGf/w9DA+BMDJ0+El/iGxK2yjJL 10EMb5IwZH0LcYwXoK62sLRm8j/tjW7WHqE584R/b/sDssfj7fXwGXIHdJ2lXz3nyFqu a/TzEy4wUlFJDhOp63MLJFz6m0sA0/PLmGajY=
In-reply-to: <e8c553a60911021002p504049feqfa2da5b154e66c9 at mail.gmail.com>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=96865171
References: <OFCFFB440A.DEB1CEA7-ON4A257661.007208C6-4A257661.007271E8 at au1.ibm.com> <4AEDFED0.7060505 at pobox.com> <e8c553a60911021002p504049feqfa2da5b154e66c9 at mail.gmail.com>
Sender: Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com>
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Wan-Teh Chang wrote:

> Nikos: GnuTLS is one of the first TLS 1.2 implementations.
> How does GnuTLS deal with this issue now?  Does it compute
> hashes of all the hash algorithms it supports on the handshake
> messages, or does it buffer the handshake messages until
> the hash algorithm has been selected?

This part was only recently implemented. The current behavior is to not
buffer messages in order to keep common code base for all TLS versions
(none of the SSL, or TLS protocols so far required such buffering).
What we do is hash all the handshake messages with SHA-1 and SHA-256 and
hope that those will be among the choices of the server.

This works but it is a time bomb. Once one sets up a server that
requests some signature algorithm not in this set we do not complete
handshake.

regards,
Nikos

References:
- Re: [TLS] Server Signature Algorithms
  - From: Michael Gray
- Re: [TLS] Server Signature Algorithms
  - From: Michael D'Errico
- Re: [TLS] Server Signature Algorithms
  - From: Wan-Teh Chang

Prev by Date: Re: [TLS] Server Signature Algorithms
Next by Date: Re: [TLS] RESOLVED (Re: [sasl] lasgt call comments (st Call:
Previous by thread: Re: [TLS] Server Signature Algorithms
Next by thread: Re: [TLS] Server Signature Algorithms
Index(es):
- Date
- Thread

Re: [TLS] Server Signature Algorithms

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.