Re: [TLS] PSS and TLS 1.3
Yoav Nir <ynir.ietf@gmail.com> Mon, 06 February 2017 05:27 UTC
Return-Path: <ynir.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 013F9129C12 for <tls@ietfa.amsl.com>; Sun, 5 Feb 2017 21:27:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9dqNGvhrnbev for <tls@ietfa.amsl.com>; Sun, 5 Feb 2017 21:27:40 -0800 (PST)
Received: from mail-wr0-x244.google.com (mail-wr0-x244.google.com [IPv6:2a00:1450:400c:c0c::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83A2E129C11 for <tls@ietf.org>; Sun, 5 Feb 2017 21:27:40 -0800 (PST)
Received: by mail-wr0-x244.google.com with SMTP id o16so2462631wra.2 for <tls@ietf.org>; Sun, 05 Feb 2017 21:27:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Dj3OdYg5YAST/vmEtEuqDl++urkaMr5VnYyF8S3+gm0=; b=DyGVjvfycMniJp8X3uykJ9lpAngcZHvX/72ueBWkwH+au9qJnAoXlE5JfwFPQ+Da+C QMTIGGXKNtw2SS/7e6cplayvLaZQjdDcNwNKtPW/1Roh7u20HsFkVHpNz5nMqFpmBK/A ovKsQz0nOGnmKNcda1bPl8fyMTPe8qREN33tDbylyEUbHTWi1bRv5OMPzJI0QIkoXNyH jZA7+msZG7bGxuoFTHjSrJ/iTiAcyWDFxKFzYjicWWqEnYs4zQv1W+sBsk0nIXIm5g6H v0Jq1PX5/TPjBkrih9jJVH5UfA9TmCxojtiI0PngdN9OhOonCwKLiYj6PbAfIvTqt24j 7Ajw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Dj3OdYg5YAST/vmEtEuqDl++urkaMr5VnYyF8S3+gm0=; b=EBp6hExuOgRZ3+LdwkT5TwLGIadDgBMQuWzTpZAxiq5xenNrQSVZ8M6Kpugh4ogahy V835P/4KD9bDII9hgZs7GhhZgE7QrdvuWzesq1F+8qJORyY5jckspApc6ZbR7HTArHgf w9uxXRUfWd1U59dSZz14W0AGx8k4onrisLd7kZu5EZjcJZ+nhMwqrlLrYurrwlO8H/Ag O9oqfBb3IBrz7d2JpeE4PFp0YOGQtMyo+yaFBrClY5W8TOwkDIcBEd3zjNkBS+UQb0xt ZIud4kUpqscyxBoC2afo2YAQv82wCfMNlM/LrSPxd89E+DzvYq98o3SN/hhn7yuYVzWH bkGw==
X-Gm-Message-State: AIkVDXIqQAM0REZSczkFCUMLQhlAHFZaq6xQHgyiX2BDp2nMFsYaufp0vg8glZ6CQdljeQ==
X-Received: by 10.223.166.181 with SMTP id t50mr7551123wrc.80.1486358858892; Sun, 05 Feb 2017 21:27:38 -0800 (PST)
Received: from [192.168.1.14] ([46.120.57.147]) by smtp.gmail.com with ESMTPSA id a13sm10706089wma.13.2017.02.05.21.27.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 05 Feb 2017 21:27:38 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <CABkgnnVYcANcB9=DcbWhtC-MxRtyXu7UV77PNTGpCP5Oz0Qmeg@mail.gmail.com>
Date: Mon, 06 Feb 2017 07:27:36 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B13E99B-2F8E-4A57-AB83-745BE623FFBE@gmail.com>
References: <e993599c-f69d-2db3-f3f3-f40caf810bd6@drh-consultancy.co.uk> <1485158728.3068.5.camel@redhat.com> <20170123105241.GB28101@LK-Perkele-V2.elisa-laajakaista.fi> <1486339925.22876.1.camel@redhat.com> <CABkgnnVYcANcB9=DcbWhtC-MxRtyXu7UV77PNTGpCP5Oz0Qmeg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/CRJNyUlzB-aRnJVlF0VKslBCkIk>
Cc: "tls@ietf.org list" <tls@ietf.org>
Subject: Re: [TLS] PSS and TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2017 05:27:42 -0000
> On 6 Feb 2017, at 4:36, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 6 February 2017 at 11:12, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote: >> TLS 1.3 requiring a different key type, will provide an incentive for >> them to update. > > > I don't think that's how this works. More likely, that would become a > reason not to deploy TLS 1.3 if you insist that only RSA-PSS certs are > used. Right. The only reason anyone is currently using RSA rather than ECDSA is for compatibility with older clients. If those clients are so old that they don’t support ECDSA keys, they’re not likely to support RSA-PSS. Yoav
- [TLS] PSS and TLS 1.3 Dr Stephen Henson
- Re: [TLS] PSS and TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS and TLS 1.3 Brian Smith
- Re: [TLS] PSS and TLS 1.3 Adam Langley
- Re: [TLS] PSS and TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] PSS and TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS and TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] PSS and TLS 1.3 Martin Thomson
- Re: [TLS] PSS and TLS 1.3 Peter Gutmann
- Re: [TLS] PSS and TLS 1.3 Yoav Nir
- Re: [TLS] PSS and TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS and TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] PSS and TLS 1.3 Ilari Liusvaara