[TLS] RSA-PSS in TLS 1.3

Joseph Salowey <joe@salowey.net> Mon, 29 February 2016 17:32 UTC

Return-Path: <joe@salowey.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A7851B384B for <tls@ietfa.amsl.com>; Mon, 29 Feb 2016 09:32:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vanmeRNTN9TM for <tls@ietfa.amsl.com>; Mon, 29 Feb 2016 09:32:26 -0800 (PST)
Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 057321B384A for <tls@ietf.org>; Mon, 29 Feb 2016 09:32:26 -0800 (PST)
Received: by mail-lb0-x22a.google.com with SMTP id x1so84221036lbj.3 for <tls@ietf.org>; Mon, 29 Feb 2016 09:32:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=salowey-net.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=FsFGJlUBnvsvzXxxYE+TwvxOdfqVvV+090PV9Yl7KB8=; b=CpCrg0jK1MQaVmiqR9rcN4K8XX0GQ12j9a0repkU96SoFbLyopB2Wpm0saDjNxjfnO omXoQLn9awkti5UmU7DEDmc/nMr5Eq2X9JpNWPcg8MKAJzgynMqNXnfVjy+CsC8Vt3Sa 8yBfjzUmAr2vIHFNqTNyczR9EzfYsQ5RYqCRbswUlNhYhZqhPmkQ8hPBzJSEmW7/j1QE yd3bLp0OXnM8ptn3o5VF2vTMMjeBK5a1exNE9Q9lC3QNERK9RUxV7oBUiLVSrpC19qtB c1tNQw73mcAFGahjBnqU1CQM01mLQgnyRvU+++wnYUb9mCxSbqZfIaf09omjfzdsa/6v u5TA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=FsFGJlUBnvsvzXxxYE+TwvxOdfqVvV+090PV9Yl7KB8=; b=IXjvG9rArAI5zT0ePZpwPzs1eoeqCyA3Ff4JRE9vkCsW4c/T60GI3pvIQ5ASOkxCzF VhO8yzgpipYts6u4+KAEJ8UWBrm/Dt06ic8DV1mMTI/2GZrXnAOO6cVMzhoQlkeXdVWa vZ1iRj/ELT7Y/Y8idkFd5FHK/mC38wFS5EweXJmKqCJfb9Hu5GrQs1Dx7mv98qwZ7lI4 imkDQbueirnhoGEpX+4jVDiIiM+uh5ThtnjiHaTZNjCzzPSA5AG28D1ktnFTTsbe4Fju BeEZNdabkYpf3brWUWKNHoVP4URmEW9F+cWQXeTESrINfmci5ZqSc6soVLmzkaVq3STg vi8g==
X-Gm-Message-State: AD7BkJIorBiQYlLxjZqN1PcXc1RY8H9xP9Ww6FurpFztNN9qB5Dd5ohZR4qYg5XPOhI39XEnsaBIalvjy3U0Jw==
X-Received: by 10.112.16.168 with SMTP id h8mr5976274lbd.90.1456767144238; Mon, 29 Feb 2016 09:32:24 -0800 (PST)
MIME-Version: 1.0
Received: by 10.112.2.104 with HTTP; Mon, 29 Feb 2016 09:32:04 -0800 (PST)
From: Joseph Salowey <joe@salowey.net>
Date: Mon, 29 Feb 2016 09:32:04 -0800
Message-ID: <CAOgPGoD=AAFDUXN8VkOHwTMEUm+-qi548NsicoD=1yQKSu-sng@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary=001a11c3acb2273458052cec080b
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/1Os5H_4Njnj2mxT5Djs7PNvyN1A>
Subject: [TLS] RSA-PSS in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Feb 2016 17:32:27 -0000

We seem to have good consensus on moving to RSA-PSS and away from PKCS-1.5
in TLS 1.3.  However, there is a problem that it may take some hardware
implementations some time to move to RSA-PSS.  After an off list discussion
with a few folks here is a proposal for moving forward.

We make RSA-PSS mandatory to implement (MUST implement instead of MUST
offer).   Clients can advertise support for PKCS-1.5 for backwards
compatibility in the transition period.
Please respond on the list on whether you think this is a reasonable way
forward or not.

Thanks,

J&S