IETF Logo Mail Archive

[Curdle] draft-ietf-curdle-rsa-sha2-05

"Mark D. Baushke" <mdb@juniper.net> Mon, 17 April 2017 16:51 UTC

Return-Path: <mdb@juniper.net>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F83512922E for <curdle@ietfa.amsl.com>; Mon, 17 Apr 2017 09:51:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FfaYgZwbjzbg for <curdle@ietfa.amsl.com>; Mon, 17 Apr 2017 09:51:41 -0700 (PDT)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0121.outbound.protection.outlook.com [104.47.38.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F8A3131663 for <curdle@ietf.org>; Mon, 17 Apr 2017 09:51:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=v+Zm7swz+cb8VFDf5HeccYGMM5kTKgGUKJD7oZ+A6R4=; b=YheYXwBbf7Q5jJS+cQJ4zSGjsb1a4b4Ei5DzFDjvmEKurbqmDHRHAxPlqjbt+MsVFpUsOeKQAF9urJnBxMVLDw/Xp6FZ65ec157OmYLcXrHlOEdkQdRG0llqdClRV2pnffioHTaKZGfflNBbORU9w4loOxakhX1Bd0egr7VavC0=
Received: from SN1PR05CA0017.namprd05.prod.outlook.com (10.163.68.155) by BN3PR05MB2449.namprd05.prod.outlook.com (10.167.3.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.6; Mon, 17 Apr 2017 16:51:38 +0000
Received: from DM3NAM05FT014.eop-nam05.prod.protection.outlook.com (2a01:111:f400:7e51::200) by SN1PR05CA0017.outlook.office365.com (2a01:111:e400:5197::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1047.6 via Frontend Transport; Mon, 17 Apr 2017 16:51:38 +0000
Authentication-Results: spf=softfail (sender IP is 66.129.239.12) smtp.mailfrom=juniper.net; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=fail action=none header.from=juniper.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
Received: from p-emfe01a-sac.jnpr.net (66.129.239.12) by DM3NAM05FT014.mail.protection.outlook.com (10.152.98.123) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.1019.24 via Frontend Transport; Mon, 17 Apr 2017 16:51:37 +0000
Received: from p-mailhub01.juniper.net (10.160.2.17) by p-emfe01a-sac.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.123.3; Mon, 17 Apr 2017 09:51:36 -0700
Received: from eng-mail01.juniper.net (eng-mail01.juniper.net [172.17.28.114]) by p-mailhub01.juniper.net (8.14.4/8.11.3) with ESMTP id v3HGpZ0A008035; Mon, 17 Apr 2017 09:51:35 -0700 (envelope-from mdb@juniper.net)
Received: from eng-mail01.juniper.net (localhost [127.0.0.1]) by eng-mail01.juniper.net (Postfix) with ESMTP id F33C211454; Mon, 17 Apr 2017 09:51:33 -0700 (PDT)
To: curdle <curdle@ietf.org>
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Mon, 17 Apr 2017 09:51:33 -0700
Message-ID: <7182.1492447893@eng-mail01.juniper.net>
Sender: mdb@juniper.net
MIME-Version: 1.0
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-HT: Tenant
X-Forefront-Antispam-Report: CIP:66.129.239.12; IPV:NLI; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(6009001)(39840400002)(39450400003)(39400400002)(39850400002)(39860400002)(2980300002)(199003)(189002)(9170700003)(8936002)(50986999)(110136004)(53416004)(2906002)(6306002)(6392003)(77096006)(47776003)(7696004)(356003)(81166006)(7846003)(6266002)(2810700001)(54356999)(305945005)(53936002)(966004)(8676002)(38730400002)(7126002)(6916009)(50466002)(106466001)(189998001)(86362001)(48376002)(117636001)(76506005)(230783001)(105596002)(5660300001)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3PR05MB2449; H:p-emfe01a-sac.jnpr.net; FPR:; SPF:SoftFail; MLV:sfv; A:1; MX:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; DM3NAM05FT014; 1:1o4XOJnYHz7/e4nx8h5RI7yiOxnS3/YEpqvzieu/nZqRypj07Z/dSJBE9SlqsqSrtwz2vp4O9Il8nzsX3jP5pEalN6AxvQHEQ0J8682ei5WuBsRcpprHVuEiL6hzGuKF2D55KXh07vUCF+U/w/wCkK0EfjFCCTLYvVtEqSJL0aqWf1G3nuoN5aVwzw06e7eJbFW8tqNU48Vut2kr301oEUYp/5hKirKZGxDMvkApC/WlUjrB3WeP8lEYOWCXXQUqlvX9aPk3NPeUL4KOPoYFS5oOZftF0bl5aObYWIhjrc8UdljmDkBMgluak1AvXsiTVquldfRjnSy5hlWuHYuBGoOruFW0Hr3T4pD+iZBXrRy84lLxy4/4g0xs5LG00ioQj2Ut8yada72coEVFvnGQCOCRt9DxK8EevJbruHtSEX62QMonhU8d6r2U+Q5BDeOBLItyS4lO3K29HEH1Dt9h6w9LnfKkD5Uv97iQxR7mFyk5TBTlI3qRvO/8IQc3xkNYpuzcLGsQ08IzSoZ2df2S5aoETiLQi6Ru6Wgi+qtbMs++qiXN74LQtXim4ULPlOdr
X-MS-Office365-Filtering-Correlation-Id: 2be46184-0ceb-4722-0b6d-08d485b203ab
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:BN3PR05MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BN3PR05MB2449; 3:vCJI4szhWc6/rnpHpaMtvhB71xhQVd4rrzynvzqp/5hPvMbAD0UCOQPgQvfAj7copHcC0/HzKl2gSyLCgn9uNYSb+TTk7ET8V+YfpZOVQK45qjde7LOMK3eBy5ToOBy2a1BSdljHDyRzMZ9QX+CF8idYhIvFKC/iqTNEXDfng0nK5HUtxAMdNbxYtIxvs0NSNDoeZUPTUVpxunoVAt5jf87mDp0/dfQ0jK2Mi3XLFuTWyJIasgOOVaaR2Pe18NOcmOLCIEosY7ayyAp/1pWy6vfGHu6U2dB4sYDDbDMrDEs3O7flxmOhV4CDAq8RW+KvsJUN2TUK6TV3lA4tBQ1mcv1kyFPUkvwr1YHeq0d0QGZMDXbbwyytS5iBPTBqO0mjCPQjvuAmIQFXrkb7qxW3t8NYHRYCE5CugqysWmPTq7OInc5MgbWLOuj0/dQs7B6eoA0wff8Q+Azq3p2rc61Y5g==
X-Microsoft-Exchange-Diagnostics: 1; BN3PR05MB2449; 25:BPoWULDvBCXaZ2khkGEMu5//XEVe868jDLKbPnLfgEexEBOFwmMPSivE97NP5wSbOZZ5K7YM2nF0NVL5iqiK6++Ub0TKNbmTmadSceKMFsR+NBbHHswmI+kLeNF4LmVVl9v7k3u8yVz4v5GdQPZwguYCmfEjaNbZFW5jg3XGe4jeggeDZWTpuQ4AGsrwlltZa0wdUkOFYXnc95aZ0SpoNc8QAwKuX5pEbf/dgua728Du+1DRHqlS4NAsxhe5givve1tXWPH5iP/gZQWAsTgQ7H2UEFsdTeRC1GGXpXccRURt9LQttOPOWN1OYXi9Wbf8M6E8lNN5NESxj4ZdYkfSFwLQfriCIKXrUPLcvpavzE6SOpsSOLqbjnTTuSbLklzKgBoTv8FElkiLMzr9St24la9ZzatpqVPT5V3Z94Bt8d4ieycsDigbyUwgNu/boEYIMD+Xqq0ZOgtjrbDOlAyJX05dNAC9B4HTDpoiSuQ4AOk=; 31:hTQEEhe6+1H/QW7xBnFuPnD9rC4LwV9WcZkAVgYMhmj5vS/nwoRR2suhV3i/Xfsdf3m06L410VQKL3bxDtFLNLsldCcwPAR5qFeV2Op5vJjNS8p0jqgHY/H056ARmyjiC7os5Hwzau5pysR4A12WQgFQbmbfK6U0zkVJXqHrRmk7kRScmBVT3Nob+C64HNZ5gnLn4UuOYRBv3FQf6ldr/7uU6PJ9TYs2sm52Q8zJOcWyelY1m1dTBv94lAynLvAoCi8XFwbetOzVIzJpNdrYF1wjI2I3+Rfw0S7aptGDRwQ=
X-Microsoft-Exchange-Diagnostics: 1; BN3PR05MB2449; 20:bTJddvqFn7D3QD+lLwRb4CrB26NjbC+wOFlOPgUgch8EY4Gc4q7AJO7YNyiQrH6WJj28FShRofMjtsGf0ZQN7RROvdXbtK7H8gkyFOlBEzBrLnSN5JrSWFR+9Fde4hT7c8ILzIY/+HXHdS93m/m+s6A3Zvhqe2fnrhhWEgrbb7YsORQY2oHBsai5ym2GJwEmLIKwuxojSt80RxYY23EZOLC5zlhbEtJk6o697hisPOEaXkYslHfEB1WqC/B+P6mE3Of6KREq/JTd0VzaTt/QzdNa8J5yQYWQBHKFwMNqV9C4v6kOMwZsdIdl0+CKRwZokajlXCOrr2AYnuUaq6lx6XYKbNOMJb6NEbXxShlS+kXvTxZfkQ5fjSbXF4Q45soOWz2iNoGs+E/yOQfdj9sDJkNo/jCotgEvXzKlFReV19LBo2e9fN6fRtWLT1H7P0/H04A8+jxnTrtk+TdBsUgk3CWfGH+An7ZKWixH/aRiNS263z2oAMw7GHlpsDYA+dun
X-Microsoft-Antispam-PRVS: <BN3PR05MB24493B9C2F22249EA6F279EDBF060@BN3PR05MB2449.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(13015025)(13023025)(13024025)(13018025)(13017025)(5005006)(8121501046)(93006095)(93003095)(3002001)(10201501046)(6055026)(6041248)(20161123562025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(20161123564025)(20161123560025)(6072148); SRVR:BN3PR05MB2449; BCL:0; PCL:0; RULEID:; SRVR:BN3PR05MB2449;
X-Microsoft-Exchange-Diagnostics: 1; BN3PR05MB2449; 4:JbiQ5O7tjbYZjrC//auU3DyDpg779r2EUy5i6rEdL10bwDTOzvA+/OSSiZ7awL5BIUeYo1I2N60GcaYOZ6NaLNuzkzG+rAK3D0+eoRBJPDOAHumWJwbC2zF7g2fCHfh+BVUv4bOn+AyjrIKTdFaA8qaopGiTUwHY/xrR/VtuM6NBV5wXtvsO/1UnffzIIAGuPB41TuZpZKa3RWnJAdUj1QhK8KsUhYtTcYai+8VpKkWX+rI1roivM87HMlaLXq246NzRFb1qF+FeH64I24Atu8udmpS2XNpPXXDVGo9l2hxIzNsiFkzuLlc1umv+P8uXquy8tEl6GPvkPPorISt+rPVa2MihMvBzUkKnBj5SVuBe702JSKzQ/d+lqfpNQaSlQsBT7aG55KJ4LMAtLfZtAiq49vhXAwFPAdSIFKHrHtUbVaoxN7fLkVwpwsy4xzMl64ZxcA/DwslrBtMs+SsbOjqf5XsJCwxZBYlrdUUzuCJ89SBeZv4b4BMTzvkGdTWaj5cAIndc5dKxecqJYuqkJ1g5f4J57mRNLbZIkRoycr/CQPDRunqaXFMSUmJU7MLX95lqzyBxaGV78njVR2nbpCss5gIZDhgZ/9qoWMeW6P754QZOFMd9POgUznm5j8+5fSaBri5A4XXRD3+8FIKFfAA4YH8x3LEOc05UopsmXb1nTtRGcIM2r+UZKvJ+j/Cii1TlBOB0MznUGqDdmjYw5+azLlfEHcXSeMVEj/AOOi73PJMzUJzZa+1FrURxiO6Z2eDPX6rx0b3w+15xzUCr74Am9mbymyeq7ctzoc9tiG24M+YCdgaL8lJAhHVoIYfMgCKRE1xh+2KwTV9nPSzJTA==
X-Forefront-PRVS: 02801ACE41
X-Microsoft-Exchange-Diagnostics: 1; BN3PR05MB2449; 23:TDh3hoCqOO3RZSRMQS370RLBald5A6tm4yrnYBhcmWikB0SLfAedxR43qvB0jV444iFL9RBdesoJBVNF/nmniLrqFL7+4peEYFkKNuLAujuvY8RuG5RmroGQ06NSDHgDhlz3/cDhz+4Fvl2lfzVLScn3tl01fq/Q07QrQruCiYDc6DmxQ4Bfl3HpNdlOr/LaHgc+nbsmledCpC0B3waXr15ZwINu2KDjOAJ6qHWlTA6Ysk/VSyZMmn/ssL60ceSLUD5ZUjTAngb2WSTBivKokOPfy69r3ZvRFprBIyN19xKqyV701o3SrpOiEkIdykqPGAeOCu6iJvgDAfVqn74itrSwe3lzprJWGcRIHz0p+Bp0lPeDtGNGNLDUoXnL9NZhVf1Lx/E2PDSb20MrBFjSjoR+NgaXIrsy0F+yN0udcnKZ5VJ4pgMECxji1FY0CJgH1FHxSFUMUtOfnwuueaCiusNhU9pBExGreOE9dcyLbFEcxR1PPhDFvZfCI7luqjNVeaC6jzBnMqJgC9knfD9bwaXvtL4ZAqFClFpO688MZIVc+ALkuoOW+Iq/ZO42zZ6PXHSdwOv4jUaAZeAi2AeKlJYraSPicdPLjAjthVmkBpAhgBq3obeIv8Xj41AGUXJJLtum/PS9n92wBrp/zDr7Cg5Fm9FTJCx4k0KVTwLQGCe/cOO9yIULdbn45m2wEstcdDw4IIXPvmWyf30c4YGAHEtcBIAWxs8csI88moBJIVer4XHFloDUl6ao+NBrMizbm3luiWU9vcRWSZ0+z0VM8xFIl6qv4ae7BjZPTLoHqUtMTAYqBLI7FsVf3gkfbjeiaudP6mwXdpn114wbKW0UO8rBC0bYpvlHDbF6SjEr6HOrBitqMSfoqbITq2pMM33vLHQyYsHadKpjPkuTnOsiE0JKrBUITAkkEOprIvAF1KiZc7MsKDmliPfeJFInTiS1RYuUzMh2DbTi9UGhHzLrcaO7M/FpKBxkaEU99VBK08CnDQIBckghXz6Gp+saQd8GYAMLirXnrVejHo4dkHbfpaUAIVTj6p1eBrrZdYOuFcm3lSfGSacmw3J/lavwlrNi
X-Microsoft-Exchange-Diagnostics: 1; BN3PR05MB2449; 6:/2T135GmRk8J8qff7oQKdfy9u3erjIU1Nn531i4TOgfLn0J7rVC8xQIgovmpoWF0dtsFQH5PvVN3lm4ERGB1uC1tVE0H3S2LT/RsoPf9exZgB2jSt/GSCHjOwKVhIDGTT8bF6jpg7iphkj+9kvTMk4rHmG8vxM+Bt8FCDA1lAEUFcqvXxwZZXMcCD8ttM2SXzr3p3hbhNC/zOki9nP06JrVrVfwKuCdmmJ7rkseckUuMZ5IwRIifmN3YvsTGwwSEXmYv+Jjf8kMIpb0SD6SRXKYgzncuZvAOeJf/IPCMSYgTdkMyeAglqYidRab84UsPr4cIhJeWoSYMHQr4i/c2V8+hb7fdGLgJH4ObtS0XM28wxOLiB8dLSjeXyBuBa8woH7/6hNu1LpEXvUo4eRaBUfGxj5MSBbItyQS1pDcbolvOcHULMzBZNJ1XNmu+bi3raTiuvBcxbyjdmMbiQFGG3U6DP3yUxbH1sYAP2hiEYL4=; 5:wJFK3Fhm9gA7slnaQOzJux+ynnAKQ1lCvWomPYYbg01HW0YEANTE9sKxifENS4YH5/U/UDMC+LNVcL0aOZFKg7XQAXlEMBBe6EVp+lYo7za8cVW5B2YB+tOMps5xiz3TrS0DMG8v2PCuyC8B4iRhTg==; 24:/nlPbthbGn7citGMVJGU4s8ve95e14/3awe6ScY6yKEXPPPbd6Mcfo4bWvjdiqDYXc4hu1JuAEAlX4g0w0HGLmKW1Ftnf2N69REB6CQFxP0=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BN3PR05MB2449; 7:QkIPkjEuZrQny3P8drkchXMu8OH1JHkZ62QMkgFB7BXIsU5QYeZqezBPTWmG8q9dv468CBMOR7FTzQAQL8+0PVxtEfmDqdXUKLNA7KddhfELOoUnwf+IE0IGLf2+gsvi7UkYQe5fy2NoIiUpL6fbR05YhJTiEqMfz+vY5rreBjA/H7Fi0U5HWr8Vcvd4rBZS+sDGP2TV0TEmwm+4DZjGDyRMYAfjECtOFnvPlLEm+GkNmYi0DVgZDwS7vHAWkxPCNO54AFUqS7Dhtgx2YjZItMC7XcD8yI63V5qnSK/RDu/Z9uR3uFYDaul/rRmecRkAHN1AYKx6ZwO6Td4FOSkPGw==
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2017 16:51:37.5064 (UTC)
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR05MB2449
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/_F-LPWVwsAOWwMoYFbnCV-wlhoE>
Subject: [Curdle] draft-ietf-curdle-rsa-sha2-05
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2017 16:51:43 -0000

Section 5.3 discusses PKCS#1 v1.5 Padding and Signature Verification

It may be desirable to add an informative reference to RFC3447 which
discusses PKCS#1 v2.1 to define RSASSA-PSS vs RSASSA-PKCS1-v1_5.

I know of at least one organization (sogis.org)

http://www.sogis.org/uk/supporting_doc_en.html

In the document:

http://www.sogis.org/documents/cc/crypto/SOGIS-Agreed-Cryptographic-Mechanisms-1.0.pdf

(sections 5.1 and 5.2) which seems to want to disallow RSASSA-PKCS1-v1.5
going forward in the general case.

	-- Mark

v2.23.0 | Report a Bug | By Email