Re: [Curdle] comments on draft-ietf-curdle-rsa-sha2-03.txt

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 08 April 2017 03:43 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Watson Ladd <watsonbladd@gmail.com>, Daniel Migault <daniel.migault@ericsson.com>
CC: denis bider <denisbider.ietf@gmail.com>, "curdle@ietf.org" <curdle@ietf.org>, Ilari Liusvaara <ilariliusvaara@welho.com>
Date: Sat, 08 Apr 2017 03:42:57 +0000
Message-ID: <1491622956832.39612@cs.auckland.ac.nz>
References: <CADPMZDByTiWov0vp2Tk1n9dnnkfwepO+UsAnh3rdsrbem2H=VQ@mail.gmail.com> <1490575901696.39454@cs.auckland.ac.nz> <CADPMZDDNZTznKBJ2-vf4MJFjP0Bx34ALF8JCVBhwv12Pdm=XcA@mail.gmail.com> <CADZyTk=L2mKheNkHQ+jtecspLnR2rGc1BajkTKQ0G3cynxkwow@mail.gmail.com> <20170327072447.GA2827@LK-Perkele-V2.elisa-laajakaista.fi> <CADPMZDAmuUKy_AJ9aYd4YYAmO5ZU-8z0P7EZwq2aG+jJM-kRaQ@mail.gmail.com> <CADZyTk=r9quAZxvyQgLd7PrvvhzoQ96s5CPqHcFNaGez8igYcw@mail.gmail.com>, <CACsn0c=62mYoYm5MMBK5WKXQjffFBrHDd1EgOZ7vo-JkDgg+Dw@mail.gmail.com>
In-Reply-To: <CACsn0c=62mYoYm5MMBK5WKXQjffFBrHDd1EgOZ7vo-JkDgg+Dw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/oMNDMWNe8SyqmlJEHunOoluQYDk>

Watson Ladd <watsonbladd@gmail.com> writes:

>I strongly object. PKCS 1.5 signature verification has a long and inglorious
>history of exploitation. PSS does not.

That's because nothing uses PSS, so there's no chance to exploit it.  By that
argument we should all be using IYOPS, which not only isn't implemented but
hasn't even been defined yet, making it even more immune to exploitation.

The problem with PKCS #1 was that people implemented it wrong in a variety of
ways; if you follow the spec (encode-then-memcmp) then it's perfectly sound.
Given that most PKCS #1 implementations should by now have been fixed (it's
been, what, 20 years?), while if we moved to PSS we'd be starting again from
scratch with everyone getting the chance to mess things up in different ways,
PSS is at best no better than PKCS #1 and at worst a lot worse.

Peter.