Re: [dnsext] RSA algorithm padding in RFC 5702, RSASSA-PSS

Paul Wouters <paul@xelerance.com> Thu, 21 October 2010 21:47 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AEA813A6A27; Thu, 21 Oct 2010 14:47:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.129
X-Spam-Level:
X-Spam-Status: No, score=-1.129 tagged_above=-999 required=5 tests=[AWL=-1.130, BAYES_00=-2.599, MANGLED_BACK=2.3, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g1aO7ApuFtSi; Thu, 21 Oct 2010 14:47:24 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id E89FB3A6845; Thu, 21 Oct 2010 14:47:23 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.72 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1P92v8-000E26-3c for namedroppers-data0@psg.com; Thu, 21 Oct 2010 21:43:34 +0000
Received: from newtla.xelerance.com ([193.110.157.143]) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.72 (FreeBSD)) (envelope-from <paul@xelerance.com>) id 1P92v4-000E16-Hz for namedroppers@ops.ietf.org; Thu, 21 Oct 2010 21:43:30 +0000
Received: from tla.xelerance.com (tla.xelerance.com [193.110.157.130]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by newtla.xelerance.com (Postfix) with ESMTP id C482FC2F9; Thu, 21 Oct 2010 17:43:27 -0400 (EDT)
Date: Thu, 21 Oct 2010 17:43:27 -0400 (EDT)
From: Paul Wouters <paul@xelerance.com>
To: =?ISO-8859-15?Q?Hanno_B=F6ck?= <hanno@hboeck.de>
cc: namedroppers <namedroppers@ops.ietf.org>
Subject: Re: [dnsext] RSA algorithm padding in RFC 5702, RSASSA-PSS
In-Reply-To: <201010201707.01361.hanno@hboeck.de>
Message-ID: <alpine.LFD.1.10.1010211732310.9874@newtla.xelerance.com>
References: <201010201707.01361.hanno@hboeck.de>
User-Agent: Alpine 1.10 (LFD 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8BIT
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>

On Wed, 20 Oct 2010, Hanno Böck wrote:

> I'm currently working on a study project about RSASSA-PSS. This is a padding
> variant with security proofs and standardized within PKCS #1 2.1.
>
> I saw that dnssec currently seems to use the old PKCS #1 1.5 padding methods
> (RFC 5702, Section 3). I wonder if there was any discussion about that
> decision (there is some hint in section 8.1). RFC 5702 was published in 2009,
> so it's a pretty new standard.
>
> Are there any plans to support algorithms with EMSA-PSS-padding within dnssec
> in the future?

I brought this up a year or two ago, when RSASHA256 was getting
specified.  Specifically, I argued the IETF itself had already
recommended moving from PKCS 1.1.5 to RSASSA-PSS in 2003:
http://tools.ietf.org/html/rfc3447#section-8.2

At the time the concensus seemed to be that RSASSA-PSS was less
standarised and less available in crypto libraries, and the gains on
theoretical security would be lost in practical implementation issues
(interop issues, implementation mistakes, etc)

I can't find the thread but I think it was on the dnssec-deployment or dnsext list.

Paul