Re: [TLS] RSA-PSS in TLS 1.3

Eric Rescorla <ekr@rtfm.com> Wed, 02 March 2016 15:58 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88A231ACD47 for <tls@ietfa.amsl.com>; Wed, 2 Mar 2016 07:58:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0mb6TAOysHUb for <tls@ietfa.amsl.com>; Wed, 2 Mar 2016 07:58:05 -0800 (PST)
Received: from mail-yk0-x232.google.com (mail-yk0-x232.google.com [IPv6:2607:f8b0:4002:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50F8D1ACD05 for <tls@ietf.org>; Wed, 2 Mar 2016 07:58:05 -0800 (PST)
Received: by mail-yk0-x232.google.com with SMTP id u9so93387601ykd.1 for <tls@ietf.org>; Wed, 02 Mar 2016 07:58:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=hbuUjgrW6g6G46PVMvyttngVzou14+DnUJJW2DHVvjw=; b=Jnz4K6zjdGWryRsMgDqwCEJsAluQHE+BRBBVGQ2RUGhbgrjKvIiCIKsqit7Ww/7+XZ GlwvW9hcscP2LpPuI/5rAbfJ7XB7wkLtmRhbMENSBF2JfZIJJ8J2NP5A9cdokTxt1MZW 7X0urNq6QYog+FEWyofnEYrUfRsvFev43Tj7F8C5sygWuCMUM92XQ1UqR+mqmBuzIeRI iejoAa2wGLOTYdbKyVH2hVfZoljgg1Tx0nkwgwAlUGTbHA9P3QVInXsqDL0hjFD/Djr3 mW7yELArRr1LN1JV9IYLUZRXwsuglsL4YOPSGpZYLNfoYVUbyRQ8aegTUMMxyQ2tiFc4 28hA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=hbuUjgrW6g6G46PVMvyttngVzou14+DnUJJW2DHVvjw=; b=lSD1X52p3/pdjuZiPE4vmVWS9/1ueBrDIpSBQz1m2KoP8pxLb1ZJERIxHpLvpaAWGT SqPhdRuJ+GNJwu0XmYQAeqAXSs3VowZUqjkeBbMRcuDTdYSI+JJsHBybX+WHh+PtYdrT 7Ui2schaIjRl+Cn2FQNZERv11xKNzf80K8sreQ+pYKj6DNAmQD1+pELQHXBYH+L8Scz0 S7Gxq1jawtwtd2oTSPsRnJaRb2KtepFrafv2ZwoLIlenSwsHz+ffKUSHyhZzRCr0TUPu cU6VKLsgiZyyUL25GZkDq9rX9LepU20qwAf+XFQG9l0DJzZusltzcoH+NIqqjRTRsZ0W BcUg==
X-Gm-Message-State: AD7BkJIcvlAvpenVrdYK/9kYua3R/5/FZiPWABVRx55VXtrgQj1T3C7hcb33ptld7Sgfcf1g4riU9tkxYLwx6g==
X-Received: by 10.37.101.11 with SMTP id z11mr15082647ybb.162.1456934284457; Wed, 02 Mar 2016 07:58:04 -0800 (PST)
MIME-Version: 1.0
Received: by 10.13.249.5 with HTTP; Wed, 2 Mar 2016 07:57:24 -0800 (PST)
In-Reply-To: <7BA6CABC-077A-4DAA-BF9C-FE1209FD32C0@gmail.com>
References: <CAOgPGoD=AAFDUXN8VkOHwTMEUm+-qi548NsicoD=1yQKSu-sng@mail.gmail.com> <56D4ABAD.90902@brainhub.org> <20160229233617.5466ebd3@pc1> <56D51FFB.9050909@brainhub.org> <DE710794-CA42-48E1-9AB9-A2BE2899E071@gmail.com> <56D5DE1D.3000708@akr.io> <BBA8149E-114A-49D3-8159-A87ADB545482@gmail.com> <56D6AE21.7050108@comodo.com> <56D6AF5B.5010103@comodo.com> <7BA6CABC-077A-4DAA-BF9C-FE1209FD32C0@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 2 Mar 2016 07:57:24 -0800
Message-ID: <CABcZeBM_qHe58W9=zughbEt0c++QnzoJujhAUH+ZsWqN5E46yg@mail.gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=001a1142fbe67cad72052d12f2a9
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/ATjGsROy2wZrW9vP-6JbB3OIAug>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] RSA-PSS in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2016 15:58:07 -0000

On Wed, Mar 2, 2016 at 1:25 AM, Yoav Nir <ynir.ietf@gmail.com> wrote:

>
> > On 2 Mar 2016, at 11:16 AM, Rob Stradling <rob.stradling@comodo.com>
> wrote:
> >
> > On 02/03/16 09:10, Rob Stradling wrote:
> > <snip>
> >>> Neither you nor I can post in any of the CA/Browser forum’s lists,
> >>> because neither of us has either a browser or a public CA.
> >>>
> >>> There are some people who are active there and are reading this list,
> >>> so they might take such a proposal there. I’m not very optimistic,
> >>> though.
> >>
> >> Please don't give up without even trying!
> >>
> >> If you have a proposal, I'd be happy to post it to the
> >> public@cabforum.org list on your behalf.
> >
> > Oh, somebody else beat me to it:
> >
> > https://cabforum.org/pipermail/public/2016-March/006910.html
>
> Right. And the response was that while PSS in in NSS, it’s not in Firefox.
> No word on the other browsers out there, and definitely no word on a bunch
> of non-browser clients that connect to servers using certificates from the
> public CA.
>

For what it's worth, I expect PSS support to appear in Firefox sometime in
the
not too distant future, since it's clear we need it for 1.3 and it's not
much effort
to add it for 1.2 and below.

-Ekr

I totally understand that the commercial CAs cannot afford to deprecate
> PKCS#1 now. It might be prudent to announce some long-term deprecation plan
> such as the one for SHA-1 signatures.
>
> We can hope that by the time the transition is complete RSA will have been
> abandoned in favor of ECDSA and/or EDDSA, but I would not bet on it.
>
> Yoav
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>