Re: [TLS] Adoption call for draft-davidben-tls13-pkcs1

Hubert Kario <hkario@redhat.com> Mon, 21 October 2019 13:42 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33AF3120099 for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 06:42:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id shldr9IBTfNc for <tls@ietfa.amsl.com>; Mon, 21 Oct 2019 06:42:48 -0700 (PDT)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0668612004D for <tls@ietf.org>; Mon, 21 Oct 2019 06:42:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1571665366; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=4Sy0TBDJ8pfl6X0Of0tqI1PMT0ncr8c5qwNqheSqE+Q=; b=YEbyQOz9lKxLNblbHG6OszDgJ82OzqY1QYnsx91JhIHWzSm3iUpidMOm2PeF8LyJfcPRRn k4uLPOdUH36IFqHpTWLyTxFqXAGbIK0L1Ymm33x6Lqx6B7eSoE9ncjOOVTQ//rEmI/beTO +4biypdVP9v1UbdL4DE9vn6RlWr254w=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-22-vVhRZKJhMSeP1T-36QQI9w-1; Mon, 21 Oct 2019 09:42:43 -0400
X-MC-Unique: vVhRZKJhMSeP1T-36QQI9w-1
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E014B476; Mon, 21 Oct 2019 13:42:41 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (ovpn-200-53.brq.redhat.com [10.40.200.53]) by smtp.corp.redhat.com (Postfix) with ESMTP id DB72B7ED78; Mon, 21 Oct 2019 13:42:40 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Cc: Christopher Wood <caw@heapingbits.net>, "TLS@ietf.org" <TLS@ietf.org>
Date: Mon, 21 Oct 2019 15:42:39 +0200
Message-ID: <2641069.fcJi2IyA6W@pintsize.usersys.redhat.com>
In-Reply-To: <843cc437-4c6d-43ce-b634-527a287c4e27@www.fastmail.com>
References: <843cc437-4c6d-43ce-b634-527a287c4e27@www.fastmail.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
X-Mimecast-Spam-Score: 0
Content-Type: multipart/signed; boundary="nextPart1998546.HKHFz684Vl"; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2pisjpJ2uLNzZsSkmGH0a_9s6Vw>
Subject: Re: [TLS] Adoption call for draft-davidben-tls13-pkcs1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 13:42:50 -0000

On Friday, 18 October 2019 20:44:03 CEST Christopher Wood wrote:
> This email starts a call for adoption of draft-davidben-tls13-pkcs1-00,
> which can be found here:
> 
>    https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00
> 
> It will run until November 1, 2019. Please indicate whether or not you would
> like to see this draft adopted and whether you will review and provide
> feedback on it going forward.

Yes, requiring RSA-PSS causes interoperability issues with smartcards that 
don't implement this 16 year old algorithm. But being able to say "if you're 
using TLS 1.3 that means you are not using legacy crypto" has non 
insignificant value too.

This document erodes that.

So I'm against adoption of this draft by the WG.

If it is adopted, I will review and provide feedback on it.
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 115, 612 00  Brno, Czech Republic