\documentclass[helvetica,fancybox,landscape]{seminar} \centerslidesfalse \usepackage{graphicx} \usepackage{slidesec} \usepackage{url} \input xy \xyoption{all} % Letter... \pdfpagewidth=11truein \pdfpageheight=8.5truein \input{seminar.bug} \input{seminar.bg2} % See the Seminar bugs list \slideframe{none} \renewcommand{\familydefault}{\sfdefault} \usepackage{fancyhdr} % Headers and footers personalization using the `fancyhdr' package \fancyhf{} % Clear all fields \renewcommand{\headrulewidth}{0mm} \renewcommand{\footrulewidth}{0.1mm} \fancyfoot[L]{\tiny Eric Rescorla} \fancyfoot[C]{\tiny TLS, IETF 67} \fancyfoot[R]{\tiny \theslide} % To center horizontally the headers and footers (see seminar.bug) \renewcommand{\headwidth}{\textwidth} % To adjust the frame length to the header and footer ones \autoslidemarginstrue \pagestyle{fancy} \newcommand{\heading}[1]{% \begin{center} \large\bf #1 \end{center} \vspace{.4 in}} \begin{document} \begin{slide} \begin{center} \LARGE{{\bf}TLS 1.2 Status}\\ \vspace{.3 in} \large{Eric Rescorla}\\ \large{Network Resonance}\\ \large{\texttt{ekr@networkresonance.com}} \end{center} \end{slide} \begin{slide} \heading{DH Group/Exponent Checking} \begin{itemize} \item Basic issue: TLS uses arbitrary DH groups \begin{itemize} \item Chosen by the server \item What if the server chooses an unsafe group? \end{itemize} \item Proposed solution \begin{itemize} \item Client SHOULD verify DH group correctness and modulus size \begin{itemize} \item Need a reference for how to check. Help! \end{itemize} \item Server MAY use a known group \begin{itemize} \item But no hint that this is a known group \end{itemize} \end{itemize} \end{itemize} \end{slide} \begin{slide} \heading{DigestInfo} \begin{itemize} \item We now use DigestInfo with RSA signatures \item How is Parameters in AlgorithmIdentifier encoded? \begin{itemize} \item MUST be NULL \item MUST be accepted as empty \\\end{itemize} \item Outcome of a decision in Prague: \end{itemize} \end{slide} \begin{slide} \heading{Cert Hash Types} \begin{itemize} \item Some comments on the list... \item Generalized to signature hash types \item Added a preference order \end{itemize} \end{slide} \begin{slide} \heading{Alerts} \begin{itemize} \item Any fatal alert MUST be sent \begin{itemize} \item Used to be optional \end{itemize} \item Error alerts sent before closure MUST be fatal \item But alerts don't have to be sent \end{itemize} \begin{quote} \tiny{ Whenever an implementation encounters a condition which is defined as a fatal alert, it MUST send the appropriate alert prior to closing the connection. In cases where an implementation chooses to send an alert which MAY be a warning alert but intends to close the connection immediately afterwards, it MUST send that alert at the fatal alert level. If an alert with a level of warning is sent and received, generally the connection can continue normally. If the receiving party decides not to proceed with the connection (e.g., after having received a no\_renegotiation alert that it is not willing to accept), it SHOULD send a fatal alert to terminate the connection. } \end{quote} \end{slide} \begin{slide} \heading{Signature Hash Agility (I)} \begin{itemize} \item Need a hash indicator \item Also needs to be indicated in cert \item Proposed new struct \end{itemize} {\tiny \begin{verbatim} struct { select (SignatureAlgorithm) { case anonymous: struct { }; case rsa: HashType digest_algorithm; // NEW digitally-signed struct { opaque hash[Hash.length]; }; case dsa: HashType digest_algorithm; // NEW digitally-signed struct { opaque sha_hash[20]; }; }; }; } Signature; \end{verbatim} } \end{slide} \begin{slide} \heading{Signature Hash Agility (II)} \begin{itemize} \item Pasi suggests that \verb^digest_algorithm^ be an AlgorithmIdentifier \begin{itemize} \item Allows carrying parameters \end{itemize} \item This isn't the ordinary TLS style \begin{itemize} \item But we may need parameters \end{itemize} \item Proposal: pack into the signature if required \end{itemize} \end{slide} \end{document}