On Fri, Mar 24, 2017 at 12:30 PM, Michael StJohns <m...@nthpermutation.com> wrote:
> On 3/24/2017 11:44 AM, Martin Rex wrote:
>
>> oops, typo:
>>
>> Martin Rex wrote:
>>
>>> Actually, looking at the DigiCert issued ECC cert for www.cloudflare.com
>>> I'm a little confused.
>>>
>>> This is the cert chain (as visualized by Microsoft CryptoAPI):
>>>
>>>   server-cert:  CN=cloudflare.com, ...
>>>                 contains ECDSA P-256 public key
>>>                 is allegedly signed with sha256ECDSA
>>>
>>>   intermediate CA:  CN=DigiCert ECC Extended Validation Server CA
>>>                 contains ECDSA P-384 public key
>>>                 is allegedly signed with sha384RSA
>>>
>>>   root CA:      CN=DigiCert High Assurance EV Root CA
>>>                 contains RSA 2048-bit public key
>>>                 is self-signed with sha1WithRsaEncryption
>>>
>>> For those who insist on reading rfc5246 verbatim, this chain requires
>>>
>>>    ECDSA+SHA384:RSA+SHA384:RSA+SHA1
>>>
>>     ECDSA+SHA256:RSA+SHA384:RSA+SHA1
>>
>
> I don't think RSA + SHA 1 is actually required. The Signature over the
> trust anchor (root CA) is basically a no-op - assuming the certificate is
> in the browser(client) trust store. The trust is traced to the public key
> regardless of the form in which it's provided. We use self-signed certs a
> lot to carry the public keys and names (and sometimes constraints), but
> that's not required by PKIX.
>

I agree that the text is a bit ambiguous on this point, but I tend to agree
that this is the best reading.

-Ekr

> Mike
>
>>> The digital signature on the server certificate looks bogus to me,
>>> that should be a sha384ECDSA signature according to NIST, because
>>> it uses a P-384 signing key.
>>>
>>> The signature on the intermediate CA is imbalanced, and
>>> should be sha256RSA rather than sha384RSA. (that is only an interop issue,
>>> not a security issue).
>>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
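The two readings discussed in this thread, as an added example that is not part of the original messages: it models the chain listed above and computes which signature/hash pairs a client's `signature_algorithms` offer must cover when every certificate signature is counted versus when validation stops at a certificate already in the trust store. The `Cert` structure, the function names and the matching of trust anchors by subject name alone are assumptions made for illustration.

```python
# Added illustration. The chain is constructed from the description in the
# thread; it is not parsed from real certificates.
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_alg: tuple  # (signature, hash) of the signature placed ON this cert

LEAF, INTER, ROOT = ("cloudflare.com",
                     "DigiCert ECC Extended Validation Server CA",
                     "DigiCert High Assurance EV Root CA")
CHAIN = [  # leaf first, the order of a TLS Certificate message
    Cert(LEAF, INTER, ("ECDSA", "SHA256")),
    Cert(INTER, ROOT, ("RSA", "SHA384")),
    Cert(ROOT, ROOT, ("RSA", "SHA1")),   # self-signed root
]

def required_pairs(chain, trust_store, verbatim=False):
    """Pairs a validator must support, in leaf-to-root order.

    verbatim=True counts the signature on every certificate sent.
    Otherwise the walk stops at the first certificate whose subject is a
    trust anchor: its key is trusted directly, so its signature is unused.
    (Assumption: anchors are matched by subject name only.)
    """
    needed = []
    for i, cert in enumerate(chain):
        if i and chain[i - 1].issuer != cert.subject:
            raise ValueError(f"chain broken before {cert.subject!r}")
        if not verbatim and cert.subject in trust_store:
            break
        if cert.sig_alg not in needed:
            needed.append(cert.sig_alg)
    return needed

def missing_pairs(offered, chain, trust_store, verbatim=False):
    """Pairs the chain needs that the client's offer does not include."""
    return [p for p in required_pairs(chain, trust_store, verbatim)
            if p not in offered]

def fmt(pairs):
    """Render pairs in the notation used in the thread."""
    return ":".join(f"{sig}+{h}" for sig, h in pairs)

if __name__ == "__main__":
    offer = [("ECDSA", "SHA256"), ("RSA", "SHA384")]  # constructed offer
    print("verbatim reading needs:", fmt(required_pairs(CHAIN, {ROOT}, True)))
    print("anchor-aware needs:    ", fmt(required_pairs(CHAIN, {ROOT})))
    print("missing (verbatim):    ", fmt(missing_pairs(offer, CHAIN, {ROOT}, True)))
```

A server that omits the root from its Certificate message yields the same result under both readings, since the self-signature is never sent.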