Re: [TLS] Possible TLS 1.3 erratum

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 19 July 2021 19:37 UTC

Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C382A3A3CF8 for <tls@ietfa.amsl.com>; Mon, 19 Jul 2021 12:37:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_NONE=0.001, T_SPF_HELO_TEMPERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id resOwn1rZhMU for <tls@ietfa.amsl.com>; Mon, 19 Jul 2021 12:37:20 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [103.96.23.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81C073A3CF5 for <tls@ietf.org>; Mon, 19 Jul 2021 12:37:19 -0700 (PDT)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01lp2170.outbound.protection.outlook.com [104.47.71.170]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-66-ULNqX_bXMrSMfL4GAX8RAA-1; Tue, 20 Jul 2021 05:37:15 +1000
X-MC-Unique: ULNqX_bXMrSMfL4GAX8RAA-1
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com (2603:10c6:10:10b::10) by SY4PR01MB5436.ausprd01.prod.outlook.com (2603:10c6:10:fc::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.22; Mon, 19 Jul 2021 19:37:08 +0000
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::98a4:33de:1d06:e141]) by SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::98a4:33de:1d06:e141%4]) with mapi id 15.20.4331.033; Mon, 19 Jul 2021 19:37:08 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Hubert Kario <hkario@redhat.com>
CC: Ilari Liusvaara <ilariliusvaara@welho.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Possible TLS 1.3 erratum
Thread-Index: AQHXeWfZVoV1kD9i3UmF8KiMIWESdatEADMAgAGM1TeAABZcgIAEloO3gAAWdICAAGeoFw==
Date: Mon, 19 Jul 2021 19:37:08 +0000
Message-ID: <SY4PR01MB6251EDB24FCAAEEFF65B5A58EEE19@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <SY4PR01MB6251452C5CD94479D34112DBEEE19@SY4PR01MB6251.ausprd01.prod.outlook.com>, <db76d008-f90e-4f6c-ae47-dd4971d8ce13@redhat.com>
In-Reply-To: <db76d008-f90e-4f6c-ae47-dd4971d8ce13@redhat.com>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 605966d6-9daa-46b9-3a21-08d94aec98d3
x-ms-traffictypediagnostic: SY4PR01MB5436:
x-microsoft-antispam-prvs: <SY4PR01MB5436FB953B79409042CB8E1EEEE19@SY4PR01MB5436.ausprd01.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: r/WCMH5T7btE4URJrIbVDXRHGmeY1Xv0gvcOxfNWTAvI+EjDstBwLCIbYKwMFmc0FjF9qEr+iDl6JSwnpTyH+JHRCz8ZnGI7oChO2z2gPzY+BDsmZy888uceG6HiSIgtddWo630DZE1mOAXnoKKJy8FV0jXZaw2MdJrpJeB+cM1RZa3FXd31f0193tMQR9RRXlPiiybcbLRA38wJ0ZL/kAUTdb/CT7UIZTgb7tt/vDKLhaUyHuF8P8GchhusjHycCx51vU+Tg94Oc53OZfoegEn3oW+YrFxMyb/4s4HDvfgkjsXhyDK32Jp1SPTv6BM2LbIpGntlrk9wfTQS2Oz+74zzdFtnUX1tUEWopEJCTJ+tjnP3sC1hQ8HjZHVAi/nbPT/ASYbHhj5ah5dedbmxT0Nq0DVf7hqFyNq/mmTfdoI9YVayfG2G87e8xJx+lLxQDn6EQnycPXL6/JrCs2RgdJGcy97bDk957x7Z9l8iuAuJGWd91KiHPyiQqrS3BjzqEViUbYdcet67jOBOM9Hpnzpd2/tbb+DKnZC7zFaPpdpXmE3ccIEjjp0/yUTUsUMF7zd5mkD+H7FrPQ1F+4qGGtRNPjjoEysVKTvIj/bqiR/Cvcoo0+4t33kyECl0P68Sn+x8XFmjFUr+S3maldqRCCdrrsOLwxkxtVRwnImH1DhLB5LgJ4YEF0CQ15nDr7aGzKkrk9cLDH2PzEBV6hvhTg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4PR01MB6251.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(346002)(39850400004)(136003)(366004)(376002)(33656002)(316002)(26005)(6916009)(9686003)(6506007)(786003)(8676002)(66446008)(8936002)(52536014)(122000001)(83380400001)(4326008)(38100700002)(5660300002)(55016002)(2906002)(478600001)(71200400001)(54906003)(7696005)(86362001)(66946007)(66556008)(64756008)(186003)(4744005)(76116006)(66476007)(38070700004); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: VN9Dr96cxGMwtOOJ4Iiz10Em4yfhigW+L39ioJgc0ceK0un1EZTsbkMD2PJJcojJwi7WiIIfRCIkRKPQqFCr1eQw3TxP11AtsvNcfR0354BCPpQw+bXBUyfkTNFDxTwMp5Sqr9DSPgSx6EDIFtRsYT3DwNG4jMBpkLSGcIz5tqXGe5VuGh68UMozviJ9T5W/hr+xjqpoVnejFzhW9NmrZStlti1YS0G3woNa7etONTUcbE7ordipfcddu4ghAcKqIoUl1vUmrcMHD+Q0pIi+QT7Gu3kSOVqz2jZ4OLLLST7mBpdvH8C/wwi9WsCQ1IoLuIXhuhzSwXk52cTvYpaSH5ohH+d7Ng3k0+toqJX+FTWsA8qRak9B7l/SYCI4NSemxMU1VYhVAsAoKdpe2O2H5W/etzT1b6zqx1Bt5xQinktt8MEEaUAiPQ90T3XVqbioXMbvhKJkaeBy4GMDWUbq0EF1htim/S7NqBb5XXtyktibin1vPYqVmxrnmL9SVl2rX7Kr6EQHtlqXXvnQkKvcdpRyvgyBjEjvBI/hQBDst++vMuhcgq6VZG8yUn98YmRUVG2TDJpalhhiVu/BSpoJD1qEH69+B9kVl5ZFv+NoDESX8CV8XVc7JEdEs71Z1vOoJ+FsnboMk6FbNBpqhj6EPmRJJXGrU6QIouK+ienB7NVZ26uWnUzKjabs8KhXE0K2vznNAKCCKVNBHbNPzLtH27XQJflZTW4/V9zgcYfzDgV5qbYsuigiTP+3QQn81ZA0/Nd3LkcyQmakn0PEWR7WX8sxYqpJkau6JxP4qehHbFmkCsmTxXAximyWhyNq8hb73D+ywwRE8uLc6ey4z2RP6ojiSYxDrOiMoiY5/EejjXope5OE+xtencFAEJlFD87Tm68H2Vla+obi2NJQ77TY59eKEEAGX3g0qiFhmyPBlfYCAnuPVrDmIFHNFrrQVs4lV/olde4GcnwOirDn3sdxLIO7PzBDc/TyQ05ruPMv28HvCjeb4wvFciJDwzlO5qpjhyEyhcp/YQiMWwcUHYQuBKdAwCXf+stDWYER77PyfrewXMM3tqSOgauFbeFkvu+IeUA4voyC4/6s5c/KkEHPtOW/PcGxA/OZdazMZZSa2YzKsPUmqJEfhTtU2IDxEffQSSyTV1rl80/+q1LhjWQBrA/6bFTdjDt/E1CFz5jRh0xP85jhDO0blbhZEOuLS6RbPNdzkmF0r7fWV/ke4qBgYDkjZtH+qQSzlsqowMy07OTMGluUQISVSc0aWBMSanq2GH7q0843ytKzT4ovvEExY4qAdvjC4tN+n2u1hzoo6DY=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4PR01MB6251.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 605966d6-9daa-46b9-3a21-08d94aec98d3
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Jul 2021 19:37:08.4351 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 73EgPBQ/Smwz9pzVkRb2vzZymQfTZtRTVhzi7x1MI3oHnv5S3Pn6NiBnRpMSenP/sCyf5obroA3vL+p4+KucsoXh9IygcK1doidfMivC6js=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SY4PR01MB5436
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/84cBIiqAu0bknty4FrqCs7pfbRM>
Subject: Re: [TLS] Possible TLS 1.3 erratum
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2021 19:37:25 -0000

Hubert Kario <hkario@redhat.com> writes:

>It only doesn't matter if you don't want to verify the certificate...
>
>It's one thing to be able to be able to verify an RSA-PSS signature on TLS
>level, it's entirely another to be able to properly handle all the different
>RSA-PSS limitations when using it in SPKI in X.509.

Is there anything that's jumped through all the hoops to implement the complex
mess that is PSS but then not added the few lines of code you need do verify
it in certificates?  And if so, why?

In any case it's still encoding a minor implementation artefact of the
certificate library being used into the TLS protocol, where it has absolutely
no place.  You either do PSS or you don't, and the TLS layer doesn't need to
know what magic number you use to identify it in certificates.

More to the point, for a number of certificate libraries there's no way for
the TLS layer to know what magic number is used because it's a minor
implementation detail that isn't exposed in the API.

Peter.