Re: [CFRG] RSA PSS Salt Length for HTTP Message Signatures
Brian Smith <brian@briansmith.org> Fri, 28 May 2021 18:15 UTC
From: Brian Smith <brian@briansmith.org>
Date: Fri, 28 May 2021 11:15:00 -0700
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, IRTF CFRG <cfrg@irtf.org>, Russ Housley <housley@vigilsec.com>, Justin Richer <jricher@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/tXmV8btsASyFNrqzzDoMXcgA6KI>

Salz, Rich <rsalz@akamai.com> wrote:

> Perhaps reconsider PSS.
> https://www.metzdowd.com/pipermail/cryptography/2019-November/035449.html
> is excellent reading.

I agree with most of the concerns in that document but it's too one-sided against PSS. A lot of the noted concerns are addressed by following the advice at the very end, by only using PSS with fixed parameters like TLS 1.3 does.

Note also that RFC 4055 says "For similar reasons, one RSA key pair should always be used with the same RSASSA-PSS parameters (except possibly for the salt length)." The easiest way to follow that advice is to fix all the parameters in the protocol.

Cheers,
Brian
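
The fixed-parameter approach discussed in the message above, as an added example that is not part of the original post: a Go verifier that pins SHA-256, MGF1 with SHA-256 and a 32-byte salt rejects a signature made with a 20-byte salt, while a verifier that auto-detects the salt length accepts it. The message text, the 20-byte salt and the helper names are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Protocol-fixed RSASSA-PSS parameters in the style of TLS 1.3: SHA-256,
// MGF1 with SHA-256, salt length equal to the digest length (32 bytes).
var fixedPSS = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: crypto.SHA256}

// signPSS signs msg with SHA-256 and an explicit salt length in bytes.
func signPSS(key *rsa.PrivateKey, msg []byte, saltLen int) ([]byte, error) {
	d := sha256.Sum256(msg)
	opts := &rsa.PSSOptions{SaltLength: saltLen, Hash: crypto.SHA256}
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, d[:], opts)
}

// verifyPSS reports whether sig verifies over msg under the given options.
func verifyPSS(pub *rsa.PublicKey, msg, sig []byte, opts *rsa.PSSOptions) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, opts) == nil
}

// demo signs one constructed message with a 32-byte and a 20-byte salt.
func demo() (fixedOK, fixedTakesOther, autoTakesOther bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	msg := []byte("constructed signature base for an HTTP message")
	auto := &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256}
	good, err := signPSS(key, msg, sha256.Size)
	if err != nil {
		return
	}
	other, err := signPSS(key, msg, 20)
	if err != nil {
		return
	}
	return verifyPSS(&key.PublicKey, msg, good, fixedPSS),
		verifyPSS(&key.PublicKey, msg, other, fixedPSS),
		verifyPSS(&key.PublicKey, msg, other, auto), nil
}

func main() { fmt.Println(demo()) }
```

With the parameters fixed in the protocol, the verifier has a single acceptable encoding per key and no per-message parameter to parse or trust.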