Re: [TLS] Possible TLS 1.3 erratum
Peter Gutmann <pgut001@cs.auckland.ac.nz> Tue, 20 July 2021 14:19 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 273CA3A2455 for <tls@ietfa.amsl.com>; Tue, 20 Jul 2021 07:19:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ssXvbSPQ7Xsz for <tls@ietfa.amsl.com>; Tue, 20 Jul 2021 07:18:55 -0700 (PDT)
Received: from au-smtp-delivery-117.mimecast.com (au-smtp-delivery-117.mimecast.com [180.189.28.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1007F3A2457 for <tls@ietf.org>; Tue, 20 Jul 2021 07:18:54 -0700 (PDT)
Received: from AUS01-SY4-obe.outbound.protection.outlook.com (mail-sy4aus01lp2170.outbound.protection.outlook.com [104.47.71.170]) (Using TLS) by relay.mimecast.com with ESMTP id au-mta-73-ErVnAUtINci7DR8EkVZCvA-1; Wed, 21 Jul 2021 00:18:43 +1000
X-MC-Unique: ErVnAUtINci7DR8EkVZCvA-1
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com (2603:10c6:10:10b::10) by SYBPR01MB3481.ausprd01.prod.outlook.com (2603:10c6:10:29::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.22; Tue, 20 Jul 2021 14:18:40 +0000
Received: from SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::98a4:33de:1d06:e141]) by SY4PR01MB6251.ausprd01.prod.outlook.com ([fe80::98a4:33de:1d06:e141%4]) with mapi id 15.20.4331.034; Tue, 20 Jul 2021 14:18:39 +0000
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Hubert Kario <hkario@redhat.com>
CC: Ilari Liusvaara <ilariliusvaara@welho.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] Possible TLS 1.3 erratum
Thread-Index: AQHXeWfZVoV1kD9i3UmF8KiMIWESdatEADMAgAGM1TeAABZcgIAEloO3gAAWdICAAGeoF4AA/AUAgAA8wIY=
Date: Tue, 20 Jul 2021 14:18:38 +0000
Message-ID: <SY4PR01MB6251FA6EACDD9D2991E9C4A1EEE29@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <SY4PR01MB6251EDB24FCAAEEFF65B5A58EEE19@SY4PR01MB6251.ausprd01.prod.outlook.com>, <ed9594be-dbae-4fd8-8971-a601a55b5d9e@redhat.com>
In-Reply-To: <ed9594be-dbae-4fd8-8971-a601a55b5d9e@redhat.com>
Accept-Language: en-NZ, en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9222f4e5-762f-462e-5698-08d94b894540
x-ms-traffictypediagnostic: SYBPR01MB3481:
x-microsoft-antispam-prvs: <SYBPR01MB3481274ED1FA52EE4F067DE7EEE29@SYBPR01MB3481.ausprd01.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: 9JTsqUbvpqYU0Zm1dd/zvSXZabTsWhtj12TBz06gL+VYj7DhzoSy1JKlR/4nc+IzMI87sXVlDPCtkmSxZiKKSjY1ublm2nj13PzCYOj2YvSdIaxAhTSSmPb49EM+MdUeG8Vp6fJEvebTTm/0eIVUJktzJnfzKDlW+C0ACkWrCqo/oTPovXU7hiPGgYyKTEeWKSfbRK19NW78uk3K1qp3t9nAyl3SzrKU6eT23HVqKWKZlQPOhFkIqMn4ZOm+qx5damCEUAAE5Hw84gO/l60LcIRbis0fJ/2W6fX2KOgTiEhTJeKgyi0vwTI1D/WjglgvEw7GZ9NSYmlr16VliHh7n2lunN2w5dGUuwaQCFJw/5yCHnlrNu2VircQC+BUbAxL+daPK5vVnka5eYgcjXHIVVCNg0ryu1hfYqzXLEctVydtOd8fNJZcHHvJqUMOj/VK/xlenB100kkMWRupVa5EB2rzlqN17SOx8DEk4rRM8GaBYVQGbEC8h1hkEgFzB+KaqcPIUi1hu/DNsP/RrsWitKjj34rPghdTG6VzqwwEOl2pNiqf32Sc1FftjGH2H/F4g/rQUtsDcYfMJ7HT3TGOa8QvDWEt8GoUzYbxKQ1NWLlkBsN9v2sk1fKKN0TNMXnZe0RyPqjW6opRQIWZ8R782FIbIIsDo3q7EYdddIDOmXtSaKRamDCaB5oiSf87r1KuG6bHsprkrVcjfUCw2Ri2nA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SY4PR01MB6251.ausprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(136003)(366004)(376002)(39850400004)(396003)(66446008)(76116006)(71200400001)(66476007)(86362001)(66946007)(478600001)(38100700002)(66556008)(122000001)(64756008)(2906002)(5660300002)(26005)(33656002)(52536014)(9686003)(4326008)(7696005)(186003)(55016002)(8936002)(83380400001)(786003)(6916009)(316002)(8676002)(54906003)(6506007)(38070700004); DIR:OUT; SFP:1101
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: PRLo7wDDs3A6yj7YvLF/3759sEIfPw6oJDNtz7Qb67ne2JZ9K+oaXgWv06Gs3EyWArGv21Un3Od2Cfqf7Vd2DhwtXirdL5dVmTEhiIl8Vyy8fsGm/TJMT4xZT1xsqFU/UET4cWCbZy/Zrll2DAFB1V93bwp4g0jxSPt1v6rMkfqqj7M1Vra4vWmfeMN3OmQt2oRYuL3ODJiNSEfglioNkOkGi8ZahEoynRPw7ePAEMDp+WTUs35DPrWrUKEu8ShuNjTNnVPmB/w2kLVTtUmxDlypwHn3UPr9oPTJ8juGKctenjKvWF+oJRvZaISgj1DE6WNITOH/GXK1WWOMbLhuYUkWPG/aAReBPP2z1I4ksK3ChWWDDaqHFDR0vj19OCfnaxjTPcYLf9Z5OWmFTRJTmaVKx+Oeu0TutLLJSMQrVAKmykrIi2OR3dSVq42ujxmRQgaYjhsNxrduzzbLM7t1cmIxtWFUApJI9SZatPc+xIZw0H1pBg2WHpaQeZBdtIYTCmMqxdxIgVKYMt7p3Gqrcspcuq+FCYsM4RXjbzION9y80Elj1MK9UyFyx1QWqkZblCc7U6RtP7q0/nCQ8HlnT8LChqQWGUOOSyuw4rMrYJxMVIHBenoCWzxhCTQ8NiNN83W+W6BIU5sdtvSYxC7J1aAvd5vTsfqDPrvYCtc+oC50BioDfeYtu/zvs6QY6XwCL3vJ+Zad+rzaSERJey+6SDcDPaBT9NF577N1BAiC7H3Seq9Dc8OdL9ABYAu4Xpuv7df8KJzWK52qAvKfg5ilxT+GNR74B5uv9zplUSLD1qMYY9YB+weeOu2JrIKVFemIwwuTmB6QfDy+WPmp+m2o5kO/yEU+4hmS6e2aMm55BXZTD8c1DOBPoNGWQa8QOlxABglcgqvM2XijMkCJxb8L2KzdvNjSEbzZZH7tHDk0xckiExPE591MpWxdquCNbWFdP9gndrUGyYzEayiRpEzrEcqWLHpcjraA28JmtiE/rZEm/bg90+W4ncLah4P/vUHxkhaCFty7q3oEn2GejWhabprPpu1TxZML2CAwj2bJ9s0Rvd0FphIB17y/kjCVTdj7Kv9bloXdvo3JD89bw2EpdeEeJvvV8jpEKvHTikebEzBsHLaABJObS6o26FAuDBEL5ODQP7339qZI+rHgqGA7XERUDHCXZqXcoQohnvmSbgI7o6MldNti667sMHvfmqp82aeRTnvOvChVFQ46IsCWFEjbQSDJM+H/vnBqRQ9HTOvPJMjJpOl1sSxPjUM5ohweHoalQ2eV2sFWAuFYHktUf+HtfZ3YYuwIWhPUO04R/BY=
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: cs.auckland.ac.nz
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SY4PR01MB6251.ausprd01.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9222f4e5-762f-462e-5698-08d94b894540
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jul 2021 14:18:38.4315 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d1b36e95-0d50-42e9-958f-b63fa906beaa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ivc69aRaTHulw6t5XSdxblupxhW4bjTP2P3biz8wvmTy2lodEGbPNPC7N1PGEmjJEpJhnFL4SsLvkWA6rdZIYQMM7YhVm1xkzTWA0U1OB0A=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SYBPR01MB3481
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: cs.auckland.ac.nz
Content-Language: en-NZ
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/B-MazZs9LV7ELLMH3pWqGTHJB5s>
Subject: Re: [TLS] Possible TLS 1.3 erratum
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jul 2021 14:19:01 -0000
Hubert Kario <hkario@redhat.com> writes: >I suggest you go back to the RFCs and check exactly what is needed for proper >handling of RSA-PSS Subject Public Key type in X.509. Specifically when the >"parameters" field is present. Looking at the code I'm using, it's four lines of extra code for PSS when reading sigs and four lines extra when writing (OK, technically seven if you include the "if" statement and curly braces lines). >You definitely won't be able to implement it in just "few lines". See above. >2. "What certificates can peer accept" is totally within the purview of TLS. Two things, firstly those values are used in two different extensions, only one of which covers signatures in certificates, and secondly, what happens if the client says rsa_pss_pss and the server only has an rsa_pss_rsae certificate? Does the server admin rush out and buy an rsa_pss_pss certificate (or, at the moment, found a new public CA that will issue them an rsa_pss_pss certificate) just to keep the client happy? Or are they expected to go out and buy two lots of every certificate that differ only in the RSA OID used just to play along with the client's request? This is exactly the reason why CMS rejected special-case handling for this stuff, because it doesn't make any sense. And now TLS is doing the exact thing that CMS rejected for not making any sense. Since the next step in the exchange will be to send the client the certificate, the only thing it could potentially do is save a single round trip when the handshake is rejected by the server for lack of an appropriately-OIDed cert rather than the client when it gets said cert. Peter.
- [TLS] Possible TLS 1.3 erratum Peter Gutmann
- Re: [TLS] Possible TLS 1.3 erratum Eric Rescorla
- Re: [TLS] Possible TLS 1.3 erratum David Benjamin
- Re: [TLS] Possible TLS 1.3 erratum Nick Harper
- Re: [TLS] Possible TLS 1.3 erratum Peter Gutmann
- Re: [TLS] Possible TLS 1.3 erratum Ilari Liusvaara
- Re: [TLS] Possible TLS 1.3 erratum Peter Gutmann
- Re: [TLS] Possible TLS 1.3 erratum Hubert Kario
- Re: [TLS] Possible TLS 1.3 erratum Martin Thomson
- Re: [TLS] Possible TLS 1.3 erratum Peter Gutmann
- Re: [TLS] Possible TLS 1.3 erratum Hubert Kario
- Re: [TLS] Possible TLS 1.3 erratum Peter Gutmann
- Re: [TLS] Possible TLS 1.3 erratum Ryan Sleevi
- Re: [TLS] Possible TLS 1.3 erratum Peter Gutmann
- Re: [TLS] Possible TLS 1.3 erratum Ryan Sleevi
- Re: [TLS] Possible TLS 1.3 erratum Hubert Kario