Re: [TLS] Consistency for Signature Algorithms?

2017-07-24 Thread Blumenthal, Uri - 0553 - MITLL
> To clarify, you are arguing that P-384 should also be listed as MTI? no, I'm arguing either for dropping the curve from signature algorithms, or to bind RSA key sizes to hashes too    I don't think that either of these are good ideas. +1 Both of these ideas are pretty bad,

Re: [TLS] Consistency for Signature Algorithms?

2017-07-24 Thread Eric Rescorla
On Mon, Jul 24, 2017 at 10:15 AM, Hubert Kario wrote: > On Monday, 24 July 2017 15:09:48 CEST Benjamin Kaduk wrote: > > On 07/24/2017 05:49 AM, Hubert Kario wrote: > > > On Friday, 21 July 2017 21:37:42 CEST Benjamin Kaduk wrote: > > >> I'm afraid I don't understand this

Re: [TLS] Consistency for Signature Algorithms?

2017-07-24 Thread Hubert Kario
On Monday, 24 July 2017 15:09:48 CEST Benjamin Kaduk wrote: > On 07/24/2017 05:49 AM, Hubert Kario wrote: > > On Friday, 21 July 2017 21:37:42 CEST Benjamin Kaduk wrote: > >> I'm afraid I don't understand this remark. There is the caveat to which > >> Ilari alludes, that the server can send

Re: [TLS] Consistency for Signature Algorithms?

2017-07-24 Thread Viktor Dukhovni
On Fri, Jul 21, 2017 at 02:37:42PM -0500, Benjamin Kaduk wrote: > I'm afraid I don't understand this remark. There is the caveat to which > Ilari alludes, that the server can send whatever chain it has, if the > server can't send a chain that complies with the client's > signature_algorithms.

Re: [TLS] Consistency for Signature Algorithms?

2017-07-24 Thread Benjamin Kaduk
On 07/24/2017 05:49 AM, Hubert Kario wrote: > On Friday, 21 July 2017 21:37:42 CEST Benjamin Kaduk wrote: >> I'm afraid I don't understand this remark. There is the caveat to which >> Ilari alludes, that the server can send whatever chain it has, if the >> server can't send a chain that complies

Re: [TLS] Consistency for Signature Algorithms?

2017-07-24 Thread Hubert Kario
On Friday, 21 July 2017 21:37:42 CEST Benjamin Kaduk wrote: > On 07/21/2017 09:34 AM, Hubert Kario wrote: > > On Friday, 21 July 2017 15:38:32 CEST Benjamin Kaduk wrote: > >> On 07/21/2017 08:23 AM, Hubert Kario wrote: > >>> Signature Algorithms for ECDSA now define both the curve and the hash >

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Dr Stephen Henson
On 21/07/2017 16:00, Ilari Liusvaara wrote: > > I suppose some new dual-version TLS 1.2/1.3 libraries might have the > same issue as mine: supported groups is just plain ignored for ECDSA, > and signature algorithms have the TLS 1.3 meanings, even in TLS 1.2. > That is potentially a problem

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Dr Stephen Henson
-- Dr Stephen N. Henson. Founder member of the OpenSSL project: http://www.openssl.org/ On 21/07/2017 20:45, Dr Benjamin Kaduk wrote: > On 07/21/2017 08:41 AM, Dr Stephen Henson wrote: >> On 21/07/2017 14:23, Hubert Kario wrote: >>> Signature Algorithms for ECDSA now define both the curve and

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Dr Benjamin Kaduk
On 07/21/2017 08:41 AM, Dr Stephen Henson wrote: > On 21/07/2017 14:23, Hubert Kario wrote: >> Signature Algorithms for ECDSA now define both the curve and the hash >> algorithm: >> >> ecdsa_secp256r1_sha256(0x0403), ecdsa_secp384r1_sha384(0x0503), >> ecdsa_secp521r1_sha512(0x0603), >> >> This

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Benjamin Kaduk
On 07/21/2017 09:34 AM, Hubert Kario wrote: > On Friday, 21 July 2017 15:38:32 CEST Benjamin Kaduk wrote: >> On 07/21/2017 08:23 AM, Hubert Kario wrote: >>> Signature Algorithms for ECDSA now define both the curve and the hash >>> >>> algorithm: >>> ecdsa_secp256r1_sha256(0x0403), >>>

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Watson Ladd
On Fri, Jul 21, 2017 at 8:00 AM, Ilari Liusvaara wrote: > On Fri, Jul 21, 2017 at 02:41:50PM +0100, Dr Stephen Henson wrote: > > On 21/07/2017 14:23, Hubert Kario wrote: > > > Signature Algorithms for ECDSA now define both the curve and the hash > > > algorithm: > > > >

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Ilari Liusvaara
On Fri, Jul 21, 2017 at 02:41:50PM +0100, Dr Stephen Henson wrote: > On 21/07/2017 14:23, Hubert Kario wrote: > > Signature Algorithms for ECDSA now define both the curve and the hash > > algorithm: > > > > ecdsa_secp256r1_sha256(0x0403), ecdsa_secp384r1_sha384(0x0503), > >

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Hubert Kario
On Friday, 21 July 2017 15:38:32 CEST Benjamin Kaduk wrote: > On 07/21/2017 08:23 AM, Hubert Kario wrote: > > Signature Algorithms for ECDSA now define both the curve and the hash > > > > algorithm: > > ecdsa_secp256r1_sha256(0x0403), > > ecdsa_secp384r1_sha384(0x0503), > >

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Dr Stephen Henson
On 21/07/2017 14:23, Hubert Kario wrote: > Signature Algorithms for ECDSA now define both the curve and the hash > algorithm: > > ecdsa_secp256r1_sha256(0x0403), ecdsa_secp384r1_sha384(0x0503), > ecdsa_secp521r1_sha512(0x0603), > > This is in contrast to the TLS 1.2 protocol, where any hash

Re: [TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Benjamin Kaduk
On 07/21/2017 08:23 AM, Hubert Kario wrote: > Signature Algorithms for ECDSA now define both the curve and the hash > algorithm: > > ecdsa_secp256r1_sha256(0x0403), > ecdsa_secp384r1_sha384(0x0503), > ecdsa_secp521r1_sha512(0x0603), > > This is in contrast to the TLS

[TLS] Consistency for Signature Algorithms?

2017-07-21 Thread Hubert Kario
Signature Algorithms for ECDSA now define both the curve and the hash algorithm:

  ecdsa_secp256r1_sha256(0x0403),
  ecdsa_secp384r1_sha384(0x0503),
  ecdsa_secp521r1_sha512(0x0603),

This is in contrast to the TLS 1.2 protocol, where any hash can be used with any curve.