[TLS]Re: Working Group Last Call for Legacy RSASSA-PKCS1-v1_5 codepoints for TLS 1.3
Sean Turner <sean@sn3rd.com> Wed, 22 May 2024 14:34 UTC
From: Sean Turner <sean@sn3rd.com>
Date: Wed, 22 May 2024 10:34:45 -0400
To: David Benjamin <davidben@chromium.org>
CC: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, TLS List <tls@ietf.org>

> On May 22, 2024, at 10:28, David Benjamin <davidben@chromium.org> wrote:
>
> On Wed, May 22, 2024 at 10:27 AM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:
> > This email starts the working group last call for "Legacy RSASSA-PKCS1-v1_5 codepoints for TLS 1.3” I-D, located here:
>
> No comments, ship it.
>
> > The only comment/question I have about this I-D (and I hope this is not too much of a bikeshed) is whether the Recommended column should be “D” instead of “N”.
>
> I think that would be a mistake as it makes the vast deployment of existing TPM machines nonconformant. In a few years, maybe. For now, not-recommended is strong enough.
>
> (I don't have strong feelings on this and am happy to defer this to what everyone else wants. Just briefly noting that "N" in the document isn't an explicit preference here. "D" just didn't exist at the time the document was written.)

I figured this was the case. Part of the reason for raising this point now is to tell the IESG that we actually thought about it when somebody asks about whether we considered “D”.

spt