On Tue, Jan 03, 2017 at 04:40:53PM -0700, Jason Gunthorpe wrote: > On Tue, Jan 03, 2017 at 03:22:56PM -0800, James Bottomley wrote: > > > I think it is very important to natively support the sign-only key > > > usage restriction. TPM1.2 goes so far as to declare keys that can be > > > used for arbitary decrypt as 'legacy do not use'. > > > > > > IMHO the best way to do this is to look at the sign operation openssl > > > is trying to do and see if it can be sent down the sign path to the > > > TPM. Only if that fails should the decrypt path be used. > > > > The problem is the MD5-SHA1 signature of SSL and TLS < v1.2. This > > cannot be performed by the TPM because it's not listed as a supported > > signature, so the choice is either to deprecate these protocols (not > > really viable since they're in wide use in old websites) or use decrypt > > to do the signatures. Once we get to the point of having to use > > decrypt, there's no reason to preserve the signing distinction since we > > never know when a key will be used to decrypt or sign. > > I'm not disputing your analysis, just remarking that it seem very > undesirable to ban *all* sign-only keys just to support a single > legacy SSL configuration.
Could this configuration just marked as unsupported, or not? > This is why I suggest looking at the sign being requested and using > the sign path if it is *possible*, otherwise requiring a key with the > broader key usage. > > Not everything is SSL - openssh uses these routines too and it should > be able to use the sign only key type without a limitation? > > Jason /Jarkko ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ TrouSerS-tech mailing list TrouSerS-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/trousers-tech
