Re: [TLS] SHA-3 in SignatureScheme

"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Thu, 01 September 2016 18:31 UTC

Return-Path: <sfluhrer@cisco.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 863EB12D552 for <tls@ietfa.amsl.com>; Thu, 1 Sep 2016 11:31:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.069
X-Spam-Level:
X-Spam-Status: No, score=-15.069 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Av4mx4FpkJL for <tls@ietfa.amsl.com>; Thu, 1 Sep 2016 11:31:14 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45BB212D1C1 for <tls@ietf.org>; Thu, 1 Sep 2016 11:31:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1704; q=dns/txt; s=iport; t=1472754674; x=1473964274; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=vNftusnKMbpURJDW1bFgIot4Ui81/QIPGO410YcmIXI=; b=Rg+ryWFJrUcyV3x9Ozh13mJZU0Jv4JMGwP1BeFlAHRHK02uMyPS8yZJQ rQp5hupPcJWA7QcOx/lr8x0lzJct7iXuMQzZo1cYviV7eo9fyR+J43qgS tFR6XMr294z/To9qakEU9GmrYzJjZEq3kQB3O7d0pCCBaTEGaV5ILnlVO k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BTAgC0c8hX/4MNJK1dg1ABAQEBAR6BU?= =?us-ascii?q?we4KYIChhwCHIE0OBQBAgEBAQEBAQFeJ4RhAQEFIxFFDAQCAQgOAwQBAQECAiM?= =?us-ascii?q?DAgICMBQBCAgCBAENBQiIQK4ljG4BAQEBAQEBAQEBAQEBAQEBAQEBAQEcgQWFK?= =?us-ascii?q?oRNhFeCa4JaAQSZUAGPKY9ejEiDeAEeNoQxcIVtfwEBAQ?=
X-IronPort-AV: E=Sophos;i="5.30,268,1470700800"; d="scan'208";a="317650089"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 01 Sep 2016 18:30:55 +0000
Received: from XCH-RTP-008.cisco.com (xch-rtp-008.cisco.com [64.101.220.148]) by alln-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u81IUt7n026816 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 1 Sep 2016 18:30:55 GMT
Received: from xch-rtp-006.cisco.com (64.101.220.146) by XCH-RTP-008.cisco.com (64.101.220.148) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 1 Sep 2016 14:30:54 -0400
Received: from xch-rtp-006.cisco.com ([64.101.220.146]) by XCH-RTP-006.cisco.com ([64.101.220.146]) with mapi id 15.00.1210.000; Thu, 1 Sep 2016 14:30:54 -0400
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Hubert Kario <hkario@redhat.com>, Benjamin Kaduk <bkaduk@akamai.com>
Thread-Topic: [TLS] SHA-3 in SignatureScheme
Thread-Index: AQHSBHe1xKgPlSbO3kiFKvTyv7OFy6BlKtOAgAAJZID//71KsA==
Date: Thu, 1 Sep 2016 18:30:54 +0000
Message-ID: <e4182bf7b91e4a47ac8b5ebd32a4e035@XCH-RTP-006.cisco.com>
References: <7755682.Cma8FBTrvx@pintsize.usersys.redhat.com> <e9c56645-41f0-d1e8-d475-8ab8056de4c5@akamai.com> <3306497.XBi9lDlCXI@pintsize.usersys.redhat.com>
In-Reply-To: <3306497.XBi9lDlCXI@pintsize.usersys.redhat.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.98.2.58]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/7D1cPMHgXd0W2uDHCQW8MkjmvgU>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] SHA-3 in SignatureScheme
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2016 18:31:15 -0000

> -----Original Message-----
> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Hubert Kario
> Sent: Thursday, September 01, 2016 2:17 PM
> To: Benjamin Kaduk
> Cc: <tls@ietf.org>
> Subject: Re: [TLS] SHA-3 in SignatureScheme
> 
> On Thursday, 1 September 2016 12:43:31 CEST Benjamin Kaduk wrote:
> > On 09/01/2016 12:38 PM, Hubert Kario wrote:
> > > The SHA-3 standard is already published and accepted[1], shouldn't
> > > TLSv1.3 include signatures with those hashes then?
> >
> > Why does it need to be part of the core spec instead of a separate
> document?
> 
> because: we also are adding RSA-PSS to TLSv1.2 in this document, I don't see
> why it needs to be delayed. Finally, TLSv1.2 added SHA-2 just like that, it was
> not tacked on later.

IIRC, SHA-2 was a special case; SHA-1 was demonstrated to be cryptographically weaker than expected and so we needed to have a secure alternative ASAP.

The SHA-3 is not like that; there's no evidence that suggests that SHA-2 is weak; the only incentive to implementing SHA-3 is "we'll, it is a standard, and so we might as well support it".

IMHO, how SHA-2 was handled should be viewed as an exception, not a rule for how we should proceed in the future...