Re: [TLS] RSA-PSS in TLS 1.3

Joseph Salowey <joe@salowey.net> Wed, 06 July 2016 17:24 UTC

From: Joseph Salowey <joe@salowey.net>
Date: Wed, 06 Jul 2016 09:23:41 -0800
Message-ID: <CAOgPGoDq0r9CJETzmBvJTk+NNkCj1B=rwbtnD_e5-=VaRRdf=g@mail.gmail.com>
To: Hubert Kario <hkario@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OeGL_wA6pk70bFB-2ZgX0El9jac>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] RSA-PSS in TLS 1.3

I don't think we ever called consensus on this topic.  It looks like there is
rough consensus to move forward with RSA-PSS as the MUST implement
algorithm for certificate verify in TLS 1.3 and not allow PKCS-1.5.
During the discussion it also seemed that it is realistic that we may want
to add additional types in the future.  We may want better separation of
signature types of certificates and certificate verify.

Cheers,

J&S

On Wed, Mar 9, 2016 at 2:05 AM, Hubert Kario <hkario@redhat.com> wrote:

> On Tuesday 08 March 2016 18:41:32 Viktor Dukhovni wrote:
> > On Tue, Mar 08, 2016 at 07:24:37PM +0100, Hubert Kario wrote:
> > > No, I said that we have no reason to believe that quantum computers
> > > won't follow exponential increase in number of qbits they can handle,
> > > with the highest increase not exceeding doubling every year, but more
> > > likely doubling every two years (as every other technological
> > > development did till now).
> >
> > There's reason to be skeptical of such analogies.  Moore's law was
> > neither a theorem nor a law of nature.  It was an observation about
> > progress in feature-size shrink of silicon transistors.  It is far
> > from clear that evolution of silicon fabrication is a relevant model.
>
> That's why I'm not saying that it will be exactly like Moore's law.
>
> My point is, that processes which have super-exponential growth are the
> exception, not the rule (if they exist at all). And you would be hard
> pressed to find any process in history that experienced exponential
> growth over a long time span and be at the same time vastly faster than
> Moore's law.
> --
> Regards,
> Hubert Kario
> Senior Quality Engineer, QE BaseOS Security team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic