Re: [TLS] PSS for TLS 1.3
"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Mon, 23 March 2015 19:42 UTC
Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB1701A012D for <tls@ietfa.amsl.com>; Mon, 23 Mar 2015 12:42:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3EQYe6Sx2oGq for <tls@ietfa.amsl.com>; Mon, 23 Mar 2015 12:42:47 -0700 (PDT)
Received: from emea01-am1-obe.outbound.protection.outlook.com (mail-am1on0661.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe00::661]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59C521A0242 for <tls@ietf.org>; Mon, 23 Mar 2015 12:42:46 -0700 (PDT)
Received: from DBXPR03MB383.eurprd03.prod.outlook.com (10.141.10.15) by DBXPR03MB384.eurprd03.prod.outlook.com (10.141.10.20) with Microsoft SMTP Server (TLS) id 15.1.118.21; Mon, 23 Mar 2015 19:42:26 +0000
Received: from DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) by DBXPR03MB383.eurprd03.prod.outlook.com ([10.141.10.15]) with mapi id 15.01.0118.021; Mon, 23 Mar 2015 19:42:26 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Russ Housley <housley@vigilsec.com>, IETF TLS <tls@ietf.org>
Thread-Topic: [TLS] PSS for TLS 1.3
Thread-Index: AQHQZO0BzEWOClerrUGv/b0kfZLJhZ0p3LEAgACaIAD//650AA==
Date: Mon, 23 Mar 2015 19:42:26 +0000
Message-ID: <D135D551.4358E%kenny.paterson@rhul.ac.uk>
References: <CABcZeBOeoyggJfma8rvyeRrh6Dw+oSp5P-oUG0MR3ZprBOyUPQ@mail.gmail.com> <20150323112232.5964828b@pc1.fritz.box> <B05713C2-FB9C-4625-8B90-8A4ACFB80486@vigilsec.com>
In-Reply-To: <B05713C2-FB9C-4625-8B90-8A4ACFB80486@vigilsec.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.8.150116
x-originating-ip: [31.133.156.77]
authentication-results: vigilsec.com; dkim=none (message not signed) header.d=none;
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DBXPR03MB384;
x-microsoft-antispam-prvs: <DBXPR03MB3845A3ED8B37D893E1DD6FCBC0D0@DBXPR03MB384.eurprd03.prod.outlook.com>
x-forefront-antispam-report: BMV:1; SFV:NSPM; SFS:(10009020)(6009001)(24454002)(51704005)(479174004)(19580405001)(66066001)(19580395003)(36756003)(2900100001)(50986999)(76176999)(77156002)(62966003)(54356999)(15975445007)(106116001)(2950100001)(77096005)(122556002)(40100003)(46102003)(74482002)(2656002)(83506001)(92566002)(86362001)(102836002)(107886001)(87936001); DIR:OUT; SFP:1101; SCL:1; SRVR:DBXPR03MB384; H:DBXPR03MB383.eurprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5005006)(5002010); SRVR:DBXPR03MB384; BCL:0; PCL:0; RULEID:; SRVR:DBXPR03MB384;
x-forefront-prvs: 05245CA661
Content-Type: text/plain; charset="us-ascii"
Content-ID: <6A785F1502ADAE44A4901CD0521E8C36@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2015 19:42:26.1108 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBXPR03MB384
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Arz2cQKNppoDG6iZLRGzj2fCse0>
Subject: Re: [TLS] PSS for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Mar 2015 19:42:49 -0000
Hi On 23/03/2015 14:34, "Russ Housley" <housley@vigilsec.com> wrote: > >> I think this totally makes sense. I think we should see Signatures for >>PKI >> separately that for TLS (i.e. signing certificates versus signing >>handshakes). >> Pushing PKI to support PSS can be done separately, but it is probably >>much >> more difficult due to backwards compatibility issues. >> But it doesn't need to happen inside the TLS 1.3 specification. >> (and the tech / spec for doing so is already available) > >We want to accomodate the uptake of ECC, so ... > >If RSA keys, then sign handshake with RSA-PSS. >If ECC keys, then sign handshake with ECDSA. Just a quick heads-up with my CFRG hat on. We should soon be making a start over there on defining signature schemes for use with the curves that we have now selected; our DH deliberations are nearing completion. One quick question for this group: how important is it to you to have ECDSA - or something very close to it (e.g. a derandomised version) - for TLS use, and how much appetite is there for adopting schemes that deviate more significantly from ECDSA (e.g. EdDSA)? This question will surely be covered in forthcoming CFRG discussions as well, but I think it's useful to ask the question here too, given that TLS will be the first and primary customer for what we're working on in CFRG. Cheers Kenny > >Russ > >_______________________________________________ >TLS mailing list >TLS@ietf.org >https://www.ietf.org/mailman/listinfo/tls
- [TLS] PSS for TLS 1.3 Eric Rescorla
- Re: [TLS] PSS for TLS 1.3 Brian Smith
- Re: [TLS] PSS for TLS 1.3 Eric Rescorla
- Re: [TLS] PSS for TLS 1.3 Peter Bowen
- Re: [TLS] PSS for TLS 1.3 Hanno Böck
- Re: [TLS] PSS for TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] PSS for TLS 1.3 Eric Rescorla
- Re: [TLS] PSS for TLS 1.3 Salz, Rich
- Re: [TLS] PSS for TLS 1.3 Russ Housley
- Re: [TLS] PSS for TLS 1.3 Russ Housley
- Re: [TLS] PSS for TLS 1.3 Paterson, Kenny
- Re: [TLS] PSS for TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS for TLS 1.3 Martin Rex
- Re: [TLS] PSS for TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS for TLS 1.3 Russ Housley