Re: [TLS] RSA-PSS in TLS 1.3

Yoav Nir <ynir.ietf@gmail.com> Wed, 02 March 2016 09:25 UTC


> On 2 Mar 2016, at 11:16 AM, Rob Stradling <rob.stradling@comodo.com> wrote:
> 
> On 02/03/16 09:10, Rob Stradling wrote:
> <snip>
>>> Neither you nor I can post in any of the CA/Browser forum’s lists,
>>> because neither of us has either a browser or a public CA.
>>> 
>>> There are some people who are active there and are reading this list,
>>> so they might take such a proposal there. I’m not very optimistic,
>>> though.
>> 
>> Please don't give up without even trying!
>> 
>> If you have a proposal, I'd be happy to post it to the
>> public@cabforum.org list on your behalf.
> 
> Oh, somebody else beat me to it:
> 
> https://cabforum.org/pipermail/public/2016-March/006910.html

Right. And the response was that while PSS is in NSS, it’s not in Firefox. No word on the other browsers out there, and definitely no word on a bunch of non-browser clients that connect to servers using certificates from the public CA.

I totally understand that the commercial CAs cannot afford to deprecate PKCS#1 now. It might be prudent to announce some long-term deprecation plan such as the one for SHA-1 signatures.

We can hope that by the time the transition is complete RSA will have been abandoned in favor of ECDSA and/or EdDSA, but I would not bet on it.

Yoav