Nelson B wrote:
Jean-Marc Desperrier wrote:
>> [Key agreement with DHE/DH ssl ciphersuites]
So theoretically, should it be required or not?
And does NSS require it?

I think the answer might be "no" to the first and "yes" to the second, which would then be a bug in NSS.

https://bugzilla.mozilla.org/show_bug.cgi?id=237877

I have a few comments but I'm not too sure so I don't want to add noise to that bug too fast.

Reading RFC 2246, 7.4.2 (and A.5, which is a lot more explicit*), I understand that DSA certificates must be used with TLS_DHE_DSS_xxx ciphersuites. TLS_DH_xxx can only be used with a DH certificate.

It's established usage that DSA certificates need the key exchange bit to be used as server certificates, i.e. that you need key exchange to use TLS_DHE_DSS_xxx. The consequence is that TLS_DHE_RSA_xxx ciphersuites should likewise require the key exchange bit.

It's also established usage to allow RSA certificates with key encipherment to do TLS_DHE_RSA_xxx, implying that digital signature is enough for that. But if it were really so it would apply to DSA certificates too, and they would not require the key exchange bit.
Only DH certificates would be left with the need for the key exchange bit.

The second usage is much more recent and I think it might be in error. If not, then in order to be coherent the requirement for key exchange in DSA certificates must be removed.

Would be good to raise this in the TLS IETF group.

* RFC 4346 A.5:
   DH denotes cipher suites in which the server's certificate contains
   the Diffie-Hellman parameters signed by the certificate authority
   (CA).  DHE denotes ephemeral Diffie-Hellman, where the Diffie-Hellman
   parameters are signed by a DSS or RSA certificate that has been
   signed by the CA.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
