Re: [TLS] TLS RSA-PSS and various versions of TLS
Martin Thomson <martin.thomson@gmail.com> Wed, 08 February 2017 23:49 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB29912957D for <tls@ietfa.amsl.com>; Wed, 8 Feb 2017 15:49:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id caH1QkyHWF2r for <tls@ietfa.amsl.com>; Wed, 8 Feb 2017 15:49:18 -0800 (PST)
Received: from mail-qk0-x22b.google.com (mail-qk0-x22b.google.com [IPv6:2607:f8b0:400d:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C732129543 for <tls@ietf.org>; Wed, 8 Feb 2017 15:49:18 -0800 (PST)
Received: by mail-qk0-x22b.google.com with SMTP id s140so140485281qke.0 for <tls@ietf.org>; Wed, 08 Feb 2017 15:49:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=d11jNFlUFYafIoeeO3v5MaFNfg933+o489JKWs1kuc4=; b=to4wb3/8ViHxivOSR/CCMx/dWBIDp/+1reITpsIJ1sY9WOG3tm0ot1VRvRsR40BudC 7UyH4g7jztinPLOhF4saPCAPLjK7ufqE6xyuyuopUCR95mqNN97Yx6p5g4g5YM3u243n +gouA2ytQ7ZNvdXEvXzNBZkP5vVk/ZkdxesmFKVD3Nbij3bvJmdRQhYHFR5ovWw+YcDz /n1qoyirJO8DQMu5N4TffRVBWdOSDSMYunjTIzc3yKyF/q8Ovv+kOkOWEKOqmE6TiODQ 29c7I3ibaFWvcSZVQOCor5HouKJeiN8XFAh2Wn3j8C/VZMqrcpPVLp8rAybZV7M541LS YseA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=d11jNFlUFYafIoeeO3v5MaFNfg933+o489JKWs1kuc4=; b=JqX0PlecQ6mBpwxy6UCIFNFqx1Yaj8DdT79dkSlPYx1ZWhnZg+EW4QFo0gbYtO+W5l OuvhN6i2IpQ340xFr77nF5dFuDuEocKUThkKGH8JfdhV4jGXCG+Yhmc7jgh4Cbfykn5Z eDywMljqoW+AucNqXL6EhcG0Oz313AbtQ+abfs2Ix/azkib5ZsWPV3dT0UVdQjZiJyiV LqJhB8NlV7bfkR/uGrSUCQpxUzWzeNzYkyXAPuqAmpWzZPZ1Vwgu/X30bjLYMoOZpJ/S QxW5KEkFT67MkkuR/dJn3dLIwhEXofXPKOWHg4ri+oXlC6TIRAGyK9dgfSEDDJwZoDii mL/Q==
X-Gm-Message-State: AMke39mPyWQZxeNCFcW08//4tL+G2IdPUYKBSZxOU2Su9Brko2c+2hNHMSLONChxVVtaYIzvKPhtxcLDG8XGgQ==
X-Received: by 10.55.21.84 with SMTP id f81mr173360qkh.5.1486597757729; Wed, 08 Feb 2017 15:49:17 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.19.112 with HTTP; Wed, 8 Feb 2017 15:49:17 -0800 (PST)
In-Reply-To: <20170208211738.GB17727@LK-Perkele-V2.elisa-laajakaista.fi>
References: <E521BA5F-4563-44D2-B186-B11B7B214A15@mobileiron.com> <20170208211738.GB17727@LK-Perkele-V2.elisa-laajakaista.fi>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 09 Feb 2017 10:49:17 +1100
Message-ID: <CABkgnnUU5gJ322Gcyqd7-G4jXRGz3_19rf94XjDYnA-0fECkyg@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EjuBNTKXH2RQk23Xi7rvabzkJ4E>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS RSA-PSS and various versions of TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2017 23:49:19 -0000
On 9 February 2017 at 08:17, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > If client includes RSA-PSS codepoints in its signature_algorithms, > then: > > - The server handshake signature MAY be signed using RSA-PSS in TLS > 1.2 or later. Yes, 1.2, not 1.3. > - The certificate chain MAY contain certificates signed with RSA-PSS > in any TLS version (however, the salt length must match hash length). This is consistent with TLS 1.3 (and the discussion we had on the same subject previously). RSASSA-PSS algorithms: Indicates a signature algorithm using RSASSA-PSS [RFC3447] with mask generation function 1. The digest used in the mask generation function and the digest being signed are both the corresponding hash algorithm as defined in [SHS]. When used in signed TLS handshake messages, the length of the salt MUST be equal to the length of the digest output. This codepoint is also defined for use with TLS 1.2.
- Re: [TLS] TLS RSA-PSS and various versions of TLS Dr Stephen Henson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Dr Stephen Henson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Benjamin Kaduk
- Re: [TLS] TLS RSA-PSS and various versions of TLS Dr Stephen Henson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Ilari Liusvaara
- Re: [TLS] TLS RSA-PSS and various versions of TLS Martin Rex
- [TLS] TLS RSA-PSS and various versions of TLS Timothy Jackson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Yoav Nir
- Re: [TLS] TLS RSA-PSS and various versions of TLS Martin Thomson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Ilari Liusvaara
- Re: [TLS] TLS RSA-PSS and various versions of TLS Martin Thomson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Dr Stephen Henson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Martin Thomson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Dr Stephen Henson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Viktor Dukhovni
- Re: [TLS] TLS RSA-PSS and various versions of TLS Dr Stephen Henson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Ilari Liusvaara
- Re: [TLS] TLS RSA-PSS and various versions of TLS Martin Thomson
- Re: [TLS] TLS RSA-PSS and various versions of TLS Hubert Kario