On 17/02/14 11:49, Erwann Abalea wrote:
<snip>
> - the ECC certificates have a keyUsage set to digitalSignature and
> keyAgreement;
> keyAgreement is correct wrt the public key (id-ecPublicKey covers both ECDSA and
> ECDH keys), but is useless in TLS (not a security problem at all)

RFC5820 4.2.1.12 seems to say it's _not_ entirely useless in TLS:
"id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
-- TLS WWW server authentication
-- Key usage bits that may be consistent: digitalSignature,
-- keyEncipherment _or keyAgreement_"
IINM, the keyAgreement bit is required to use the ECDH_ECDSA ciphers.
(However, hopefully everyone would prefer to use the ECDHE_ECDSA ciphers
instead).
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
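
An added example, not part of the original message or of any project's code: it decodes the DER BIT STRING of a keyUsage extension and reports which of the two ECC key-exchange families discussed above the certificate could serve. The function names and sample bytes are constructed for illustration, and the keyAgreement requirement for ECDH_ECDSA is taken from the message's statement as an assumption.

```python
# Added example; names and sample bytes are constructed for illustration.
# Bit order of the X.509 KeyUsage BIT STRING (bit 0 is the most significant bit).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
)

# Assumption following the message above: static ECDH_ECDSA needs keyAgreement,
# ECDHE_ECDSA signs the ephemeral parameters and needs digitalSignature.
REQUIRED_BIT = {"ECDH_ECDSA": "keyAgreement", "ECDHE_ECDSA": "digitalSignature"}

# Constructed samples: extension values as they appear inside the certificate.
SIG_AND_AGREEMENT = bytes.fromhex("03020388")  # digitalSignature + keyAgreement
SIG_ONLY = bytes.fromhex("03020780")           # digitalSignature only


def parse_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING carried in a keyUsage extension value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length < 2 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    if payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    total_bits = len(payload) * 8 - unused
    return {
        name for i, name in enumerate(KEY_USAGE_BITS)
        if i < total_bits and payload[i // 8] & (0x80 >> (i % 8))
    }


def usable_key_exchanges(key_usage_der):
    """Return the key-exchange families the keyUsage bits permit.

    None means the extension is absent, which places no restriction.
    """
    if key_usage_der is None:
        return sorted(REQUIRED_BIT)
    bits = parse_key_usage(key_usage_der)
    return sorted(kx for kx, bit in REQUIRED_BIT.items() if bit in bits)


if __name__ == "__main__":
    for label, der in (("sig+agreement", SIG_AND_AGREEMENT), ("sig only", SIG_ONLY)):
        print(label, sorted(parse_key_usage(der)), usable_key_exchanges(der))
```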