Re: [TLS] PSS for TLS 1.3

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Mon, 23 March 2015 19:42 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Arz2cQKNppoDG6iZLRGzj2fCse0>

Hi

On 23/03/2015 14:34, "Russ Housley" <housley@vigilsec.com> wrote:

>
>> I think this totally makes sense. I think we should see Signatures for PKI
>> separately from that for TLS (i.e. signing certificates versus signing
>> handshakes).
>> Pushing PKI to support PSS can be done separately, but it is probably much
>> more difficult due to backwards compatibility issues.
>> But it doesn't need to happen inside the TLS 1.3 specification.
>> (and the tech / spec for doing so is already available)
>
>We want to accommodate the uptake of ECC, so ...
>
>If RSA keys, then sign handshake with RSA-PSS.
>If ECC keys, then sign handshake with ECDSA.

Just a quick heads-up with my CFRG hat on. We should soon be making a
start over there on defining signature schemes for use with the curves
that we have now selected; our DH deliberations are nearing completion.

One quick question for this group: how important is it to you to have
ECDSA - or something very close to it (e.g. a derandomised version) - for
TLS use, and how much appetite is there for adopting schemes that deviate
more significantly from ECDSA (e.g. EdDSA)?

This question will surely be covered in forthcoming CFRG discussions as
well, but I think it's useful to ask the question here too, given that TLS
will be the first and primary customer for what we're working on in CFRG.

Cheers

Kenny


>
>Russ
>