Re: [Curdle] comments on draft-ietf-curdle-rsa-sha2-03.txt

Daniel Migault <daniel.migault@ericsson.com> Fri, 07 April 2017 19:54 UTC

In-Reply-To: <CACsn0c=62mYoYm5MMBK5WKXQjffFBrHDd1EgOZ7vo-JkDgg+Dw@mail.gmail.com>
References: <CADPMZDByTiWov0vp2Tk1n9dnnkfwepO+UsAnh3rdsrbem2H=VQ@mail.gmail.com> <1490575901696.39454@cs.auckland.ac.nz> <CADPMZDDNZTznKBJ2-vf4MJFjP0Bx34ALF8JCVBhwv12Pdm=XcA@mail.gmail.com> <CADZyTk=L2mKheNkHQ+jtecspLnR2rGc1BajkTKQ0G3cynxkwow@mail.gmail.com> <20170327072447.GA2827@LK-Perkele-V2.elisa-laajakaista.fi> <CADPMZDAmuUKy_AJ9aYd4YYAmO5ZU-8z0P7EZwq2aG+jJM-kRaQ@mail.gmail.com> <CADZyTk=r9quAZxvyQgLd7PrvvhzoQ96s5CPqHcFNaGez8igYcw@mail.gmail.com> <CACsn0c=62mYoYm5MMBK5WKXQjffFBrHDd1EgOZ7vo-JkDgg+Dw@mail.gmail.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Fri, 07 Apr 2017 15:54:25 -0400
Message-ID: <CADZyTkmXNj+-v8PJwdEdrBVk3D0zB3jRvdoW7B9_vUguLxbG5g@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: "curdle@ietf.org" <curdle@ietf.org>, Ilari Liusvaara <ilariliusvaara@welho.com>, denis bider <denisbider.ietf@gmail.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/R5H-OYPzGJAp785e8Y1ioMkNwW4>
Subject: Re: [Curdle] comments on draft-ietf-curdle-rsa-sha2-03.txt

Hi,

My understanding was that PSS is proven secure while PKCS#1 v1.5 is not.
Could you provide a reference for such exploitation? That would be helpful.

Yours,
Daniel

On Fri, Apr 7, 2017 at 2:50 PM, Watson Ladd <watsonbladd@gmail.com> wrote:

> On Fri, Apr 7, 2017 at 11:43 AM, Daniel Migault
> <daniel.migault@ericsson.com> wrote:
> > Hi,
> >
> > In the Chicago meeting [1], the consensus seems to be that even though PSS
> > would be defined, there is no plan to implement nor to use it. I am
> > confirming this consensus on the mailing list. If you disagree with that,
> > please raise your opinion. If not we will move the draft forward.
>
> I strongly object. PKCS 1.5 signature verification has a long and
> inglorious history of exploitation. PSS does not. Ideally everyone
> would have used FDH or equivalently strong signatures, with simple
> verification, but that didn't happen.
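The objection above is about how RSA PKCS#1 v1.5 signatures get verified. As an added example, not code from this thread, the draft, or any SSH implementation, here is a minimal Python implementation of EMSA-PKCS1-v1_5 signing with two verifiers side by side: one that re-encodes the expected block and compares it whole, which is the check RFC 8017 recommends, and one that parses the decrypted block leniently, the pattern behind the historical PKCS#1 v1.5 verification bugs. To show the difference without any forgery, the demo uses the private key to sign a non-canonical block (short padding, digest not at the end) and checks that only the lenient verifier accepts it. The key generation is a demo-only Miller-Rabin routine, and the message, key size and function names are all constructed for this example.

```python
import hashlib
import hmac
import random

# Constructed example: RSA PKCS#1 v1.5 signing plus a strict and a lenient
# verifier. Demo-only key generation; not intended for production use.

# DigestInfo prefix for SHA-256 (RFC 8017, Section 9.2, Note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with a small trial-division prefilter."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_key(bits=1024, e=65537):
    """Return (n, e, d) for a demo key of exactly `bits` bits."""
    half = bits // 2
    while True:
        p = random.getrandbits(half) | (1 << (half - 1)) | 1
        q = random.getrandbits(half) | (1 << (half - 1)) | 1
        if p == q or not is_probable_prime(p) or not is_probable_prime(q):
            continue
        n, phi = p * q, (p - 1) * (q - 1)
        if n.bit_length() != bits or phi % e == 0:
            continue
        return n, e, pow(e, -1, phi)


def emsa_pkcs1_v15_encode(message, em_len):
    """EMSA-PKCS1-v1_5 with SHA-256: 00 01 FF..FF 00 || DigestInfo || H(m)."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def sign_raw_block(em, n, d):
    """RSA private-key operation on an already encoded block."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def rsa_sign(message, n, d):
    k = (n.bit_length() + 7) // 8
    return sign_raw_block(emsa_pkcs1_v15_encode(message, k), n, d)


def rsa_verify_strict(message, signature, n, e):
    """Recommended check: rebuild the expected block and compare it whole."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k or int.from_bytes(signature, "big") >= n:
        return False
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, emsa_pkcs1_v15_encode(message, k))


def rsa_verify_lenient(message, signature, n, e):
    """Flawed pattern: parse the block instead of comparing it. It checks the
    header and finds the DigestInfo, but never checks that the padding fills
    the block or that nothing follows the digest."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    return em[i + 1:].startswith(SHA256_DIGESTINFO + hashlib.sha256(message).digest())


def demo():
    """Sign a constructed message and probe both verifiers."""
    n, e, d = generate_key()
    k = (n.bit_length() + 7) // 8
    msg = b"constructed SSH-style signing input"  # constructed sample input
    sig = rsa_sign(msg, n, d)
    # Non-canonical block signed with the private key: 8 bytes of padding,
    # then the digest, then zero filler to reach k bytes.
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    bad_em = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\x00" * (k - len(t) - 11)
    bad_sig = sign_raw_block(bad_em, n, d)
    return {
        "strict_good": rsa_verify_strict(msg, sig, n, e),
        "lenient_good": rsa_verify_lenient(msg, sig, n, e),
        "strict_noncanonical": rsa_verify_strict(msg, bad_sig, n, e),
        "lenient_noncanonical": rsa_verify_lenient(msg, bad_sig, n, e),
        "strict_tampered": rsa_verify_strict(msg + b"x", sig, n, e),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The strict verifier never has to reason about where the padding ends or what follows the digest, because the only block it accepts is the one it would have produced itself; that is the property PSS-style or FDH-style schemes give by construction, and the property a PKCS#1 v1.5 verifier only gets when it compares rather than parses.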