Re: [Curdle] comments on draft-ietf-curdle-rsa-sha2-03.txt

Watson Ladd <watsonbladd@gmail.com> Fri, 07 April 2017 20:52 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 07 Apr 2017 13:52:08 -0700
Message-ID: <CACsn0c=mDgNoH08v6_W1fAavkGFqUJ-xjnPvePaqVWMdFzbgKw@mail.gmail.com>
To: Daniel Migault <daniel.migault@ericsson.com>
Cc: "curdle@ietf.org" <curdle@ietf.org>, Ilari Liusvaara <ilariliusvaara@welho.com>, denis bider <denisbider.ietf@gmail.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/v_g0fLGTTX0oaHjbsgZQLAvhfn4>

On Fri, Apr 7, 2017 at 12:54 PM, Daniel Migault
<daniel.migault@ericsson.com> wrote:
> Hi,
>
> My understanding was that PSS is proved secured while pkcs1v1.5 is not.
> Could you provide reference of such exploitation, that would be helpful.

All the exploitation stems from Bleichenbacher's on-stage demonstration
at Crypto '06 that improper validation can lead to issues.

This bug broke Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
It broke GnuTLS:
https://security.gentoo.org/glsa/200609-15
It broke OpenSSL:
https://www.rapid7.com/db/vulnerabilities/http-openssl-rsa-signature-forgery-vuln

In many cases bug reporters don't note the origins of this attack,
making it hard to know if additional examples exist. CVE-2016-8021 may
also be an instance of this.

>
> Yours,
> Daniel
>
> On Fri, Apr 7, 2017 at 2:50 PM, Watson Ladd <watsonbladd@gmail.com> wrote:
>>
>> On Fri, Apr 7, 2017 at 11:43 AM, Daniel Migault
>> <daniel.migault@ericsson.com> wrote:
>> > Hi,
>> >
>> > In the Chicago meeting [1], the consensus seems that even though PSS
>> > would be defined, there is no plan to implement nor to use it. I am
>> > confirming this consensus on the mailing list. If you disagree with
>> > that, please raise your opinion. If not we will move the draft forward.
>>
>> I strongly object. PKCS 1.5 signature verification has a long and
>> inglorious history of exploitation. PSS does not. Ideally everyone
>> would have used FDH or equivalently strong signatures, with simple
>> verification, but that didn't happen.



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
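To make the "improper validation" in the thread concrete, here is an added example (not code from this thread, nor from Firefox, GnuTLS or OpenSSL) written in Python against the RFC 8017 definitions. The strict check recomputes the full EMSA-PKCS1-v1_5 encoding and compares it to the encoded message EM recovered from the signature; the lax parser walks the padding and only asks whether the expected DigestInfo and hash appear, so it accepts an EM with extra octets after the hash. It operates on EM directly (the output of the RSA public-key operation, already converted to k octets), so no key is involved; the message and the malformed EM are constructed for the demonstration.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v1_5_encode(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of `message` for a k-octet modulus (RFC 8017, 9.2)."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_em_strict(em: bytes, message: bytes, k: int) -> bool:
    """RFC 8017, 8.2.2 step 4: rebuild EM' and require EM == EM' octet for octet."""
    if len(em) != k:
        return False
    try:
        expected = emsa_pkcs1_v1_5_encode(message, k)
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def verify_em_lax(em: bytes, message: bytes) -> bool:
    """The flawed pattern behind the 2006 forgeries: parse the padding, locate
    the hash, but never check that the hash is the last thing in EM."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i == len(em) or em[i] != 0x00:
        return False
    expected_t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    return em[i + 1:].startswith(expected_t)  # trailing octets are ignored


def demo() -> dict:
    k = 256  # octet length of a 2048-bit modulus
    msg = b"constructed sample message"
    good = emsa_pkcs1_v1_5_encode(msg, k)
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    # Constructed malformed EM: minimal padding, hash, then arbitrary filler.
    bad = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    bad += bytes(k - len(bad))
    return {"strict_good": verify_em_strict(good, msg, k),
            "strict_bad": verify_em_strict(bad, msg, k),
            "lax_good": verify_em_lax(good, msg),
            "lax_bad": verify_em_lax(bad, msg)}
```

The reviewer's check is therefore whether a verifier compares the whole encoded message, as RFC 8017 requires, rather than parsing its way to the hash.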