Re: [TLS] TLS RSA-PSS and various versions of TLS

Martin Thomson <martin.thomson@gmail.com> Wed, 08 February 2017 23:49 UTC

In-Reply-To: <20170208211738.GB17727@LK-Perkele-V2.elisa-laajakaista.fi>
References: <E521BA5F-4563-44D2-B186-B11B7B214A15@mobileiron.com> <20170208211738.GB17727@LK-Perkele-V2.elisa-laajakaista.fi>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 09 Feb 2017 10:49:17 +1100
Message-ID: <CABkgnnUU5gJ322Gcyqd7-G4jXRGz3_19rf94XjDYnA-0fECkyg@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/EjuBNTKXH2RQk23Xi7rvabzkJ4E>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS RSA-PSS and various versions of TLS

On 9 February 2017 at 08:17, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> If the client includes RSA-PSS codepoints in its signature_algorithms,
> then:
>
> - The server handshake signature MAY be signed using RSA-PSS in TLS
>   1.2 or later. Yes, 1.2, not 1.3.
> - The certificate chain MAY contain certificates signed with RSA-PSS
>   in any TLS version (however, the salt length must match hash length).

This is consistent with TLS 1.3 (and the discussion we had on the same
subject previously).

RSASSA-PSS algorithms: Indicates a signature algorithm using
RSASSA-PSS [RFC3447] with mask generation function 1. The digest used
in the mask generation function and the digest being signed are both
the corresponding hash algorithm as defined in [SHS]. When used in
signed TLS handshake messages, the length of the salt MUST be equal to
the length of the digest output. This codepoint is also defined for
use with TLS 1.2.
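The rule quoted above (MGF1, same hash for MGF and message digest, salt length equal to the digest length) lives entirely in the EMSA-PSS encoding of RFC 3447 section 9.1, so it can be shown without the RSA modular exponentiation around it. The following is an added example, not code from the thread or from any TLS implementation: it implements EMSA-PSS-ENCODE and EMSA-PSS-VERIFY with hashlib only, and the verifier takes a fixed expected salt length rather than auto-detecting it. The message bytes, the 20-octet "wrong" salt and the 2047-bit emBits are constructed for the demonstration. The point it makes is that a verifier which pins the salt length to the digest length rejects an encoding made with any other salt length (shorter or longer), because the 0x01 separator is then not where the pinned length says it must be; a verifier that derives the salt length from the signature instead would accept such signatures and the MUST in the draft text would go unenforced.

```python
import hashlib
import os
from typing import Optional


def mgf1(seed: bytes, mask_len: int, hash_name: str = "sha256") -> bytes:
    """MGF1 (RFC 3447 B.2.1): Hash(seed||0) || Hash(seed||1) || ..., cut to mask_len."""
    h_len = hashlib.new(hash_name).digest_size
    out = bytearray()
    for counter in range((mask_len + h_len - 1) // h_len):
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
    return bytes(out[:mask_len])


def emsa_pss_encode(message: bytes, em_bits: int, salt_len: int,
                    hash_name: str = "sha256", salt: Optional[bytes] = None) -> bytes:
    """EMSA-PSS-ENCODE (RFC 3447 9.1.1). Returns EM; a signer would then RSA-sign it."""
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if em_len < h_len + salt_len + 2:
        raise ValueError("encoding error: modulus too small for this salt length")
    if salt is None:
        salt = os.urandom(salt_len)          # a signer normally draws a fresh random salt
    if len(salt) != salt_len:
        raise ValueError("salt does not have the requested length")
    m_hash = hashlib.new(hash_name, message).digest()
    h_val = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()   # H = Hash(M')
    db = b"\x00" * (em_len - salt_len - h_len - 2) + b"\x01" + salt        # DB = PS || 0x01 || salt
    db_mask = mgf1(h_val, em_len - h_len - 1, hash_name)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the bits above emBits
    return bytes(masked_db) + h_val + b"\xbc"


def emsa_pss_verify(message: bytes, em: bytes, em_bits: int, salt_len: int,
                    hash_name: str = "sha256") -> bool:
    """EMSA-PSS-VERIFY (RFC 3447 9.1.2) with a fixed expected salt length.

    Pinning salt_len (to the digest length, for TLS) is what makes the
    "salt length MUST equal digest length" rule an enforced check: the 0x01
    separator in DB is required at exactly the position salt_len implies, so
    an EM built with any other salt length fails step 9.
    """
    h_len = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + salt_len + 2:
        return False
    if em[-1] != 0xBC:
        return False
    masked_db = em[: em_len - h_len - 1]
    h_val = em[em_len - h_len - 1 : -1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked_db[0] & (0xFF ^ top_mask):           # bits above emBits must be zero
        return False
    db_mask = mgf1(h_val, em_len - h_len - 1, hash_name)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= top_mask
    ps_len = em_len - h_len - salt_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:     # PS must be all zero, then 0x01
        return False
    salt = bytes(db[ps_len + 1:])                  # exactly salt_len octets remain
    m_hash = hashlib.new(hash_name, message).digest()
    h_prime = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    return h_prime == h_val


def demo(em_bits: int = 2047) -> dict:
    """Constructed example sized for a 2048-bit modulus (emBits = modBits - 1)."""
    msg = b"constructed stand-in for a TLS handshake transcript"   # not real TLS data
    h_len = hashlib.sha256().digest_size                            # 32 for SHA-256
    em_ok = emsa_pss_encode(msg, em_bits, h_len)      # salt length == digest length (TLS 1.3 rule)
    em_short = emsa_pss_encode(msg, em_bits, 20)      # non-compliant 20-octet salt
    return {
        "compliant_accepted": emsa_pss_verify(msg, em_ok, em_bits, h_len),
        "short_salt_rejected": not emsa_pss_verify(msg, em_short, em_bits, h_len),
        "other_length_rejected": not emsa_pss_verify(msg, em_ok, em_bits, 20),
        "tampered_message_rejected": not emsa_pss_verify(msg + b"!", em_ok, em_bits, h_len),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running the script prints four `True` lines. When reviewing a TLS stack, the thing to look for is the verification side: the salt length passed to PSS verification for the handshake signature should be the digest length, not a library "detect from signature" mode, or the check the draft text calls for is silently skipped.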