Re: [TLS] RSA-PSS in TLS 1.3

Yoav Nir <> Tue, 01 March 2016 19:20 UTC

Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: Yoav Nir <>
In-Reply-To: <>
Date: Tue, 1 Mar 2016 21:20:39 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <20160229233617.5466ebd3@pc1> <> <> <>
To: Alyssa Rowan <>
X-Mailer: Apple Mail (2.3112)
Archived-At: <>
Subject: Re: [TLS] RSA-PSS in TLS 1.3
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>

On 1 Mar 2016, at 8:23 PM, Alyssa Rowan <> wrote:

> > [YN] It would be cool to ban PKCS#1.5 from certificates, but we
> > are not the PKIX working group. Nor are we the CA/Browser forum.
> > When a CA issues a certificate it has to work with every client
> > and server out there. When we use TLS 1.3, the other side supports
> > TLS 1.3 as well, so it’s fair to assume that it knows PSS.
> Perhaps the PKIX working group and CAB/Forum could both use a friendly
> reminder not to ignore how perilous using RSA PKCS#1 v1.5 still remains?

Neither you nor I can post in any of the CA/Browser forum’s lists, because neither of us has either a browser or a public CA.

There are some people who are active there and are reading this list, so they might take such a proposal there. I’m not very optimistic, though. While only CAs and browsers are members, they are keenly aware that even the public CAs have a wide variety of relying parties, running all sorts of software. And it’s much harder to scan clients than it is to scan servers, so it’s difficult to say how many clients will not be able to connect to a server with a certificate signed with RSA-PSS. Probably far too many for the CA/BF to be comfortable deprecating PKCS#1.

The PKIX working group shut down several years ago. The Curdle WG is a new working group whose charter includes deprecating obsolete stuff. Perhaps they might be interested.
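The split the quoted text relies on, that a TLS 1.3 peer can be assumed to know PSS while certificates still have to work for every relying party a CA serves, is what the final TLS 1.3 specification encodes in its signature_algorithms rules: rsa_pkcs1_* codepoints may be offered, but only to describe certificate signatures, never for CertificateVerify. The Python below is an added example, not part of this thread or of any IETF draft, showing how an endpoint holding an RSA key applies that split. It uses the SignatureScheme codepoints from RFC 8446 section 4.2.3, which was published after this 2016 message; the peer offers and certificate chain in it are constructed, and the function names are mine.

```python
"""Added example: TLS 1.3 signature-scheme handling for an RSA key.

Codepoints are the SignatureScheme values from RFC 8446 section 4.2.3.
Function names and the sample offers below are constructed for this
example; they are not from the mailing-list thread or any TLS library.
"""
from typing import Dict, Iterable, List, Optional

RSA_PKCS1_SHA1 = 0x0201          # legacy, TLS 1.2 era; certificates only
RSA_PKCS1_SHA256 = 0x0401        # RSASSA-PKCS1-v1_5, certificates only in TLS 1.3
RSA_PKCS1_SHA384 = 0x0501
RSA_PKCS1_SHA512 = 0x0601
ECDSA_SECP256R1_SHA256 = 0x0403
RSA_PSS_RSAE_SHA256 = 0x0804     # RSASSA-PSS, key in an rsaEncryption SPKI
RSA_PSS_RSAE_SHA384 = 0x0805
RSA_PSS_RSAE_SHA512 = 0x0806
ED25519 = 0x0807
RSA_PSS_PSS_SHA256 = 0x0809      # RSASSA-PSS, key in an id-RSASSA-PSS SPKI
RSA_PSS_PSS_SHA384 = 0x080A
RSA_PSS_PSS_SHA512 = 0x080B

NAMES: Dict[int, str] = {
    RSA_PKCS1_SHA1: "rsa_pkcs1_sha1", RSA_PKCS1_SHA256: "rsa_pkcs1_sha256",
    RSA_PKCS1_SHA384: "rsa_pkcs1_sha384", RSA_PKCS1_SHA512: "rsa_pkcs1_sha512",
    ECDSA_SECP256R1_SHA256: "ecdsa_secp256r1_sha256", ED25519: "ed25519",
    RSA_PSS_RSAE_SHA256: "rsa_pss_rsae_sha256", RSA_PSS_RSAE_SHA384: "rsa_pss_rsae_sha384",
    RSA_PSS_RSAE_SHA512: "rsa_pss_rsae_sha512", RSA_PSS_PSS_SHA256: "rsa_pss_pss_sha256",
    RSA_PSS_PSS_SHA384: "rsa_pss_pss_sha384", RSA_PSS_PSS_SHA512: "rsa_pss_pss_sha512",
}

SHA1_BASED = {RSA_PKCS1_SHA1}
# Our preference order among the PSS schemes, keyed by how our key is encoded.
PSS_RSAE = [RSA_PSS_RSAE_SHA256, RSA_PSS_RSAE_SHA384, RSA_PSS_RSAE_SHA512]
PSS_PSS = [RSA_PSS_PSS_SHA256, RSA_PSS_PSS_SHA384, RSA_PSS_PSS_SHA512]


def select_certificate_verify_scheme(peer_schemes: Iterable[int],
                                     key_spki_is_pss: bool = False) -> Optional[int]:
    """Pick the scheme for our own CertificateVerify signature with an RSA key.

    RFC 8446: RSA signatures in handshake messages MUST use RSASSA-PSS, so the
    rsa_pkcs1_* values are never chosen here even if the peer lists them. A
    peer that speaks TLS 1.3 is required to accept PSS, which is the
    assumption made in the thread.
    """
    offered = set(peer_schemes)
    candidates = PSS_PSS if key_spki_is_pss else PSS_RSAE
    for scheme in candidates:
        if scheme in offered:
            return scheme
    return None  # no usable PSS scheme: the handshake cannot use this RSA key


def check_chain_signatures(peer_schemes: Iterable[int], chain_schemes: Iterable[int],
                           accept_sha1: bool = False) -> List[int]:
    """Return the schemes in our sent chain that the peer has not offered.

    Certificates may still carry PKCS#1 v1.5 signatures; the peer signals that
    it can verify them by listing rsa_pkcs1_* in signature_algorithms (or in
    signature_algorithms_cert when present). The caller passes the signature
    scheme of each certificate we will send; the trust anchor's self-signature
    is not validated and should be left out. SHA-1 signatures are reported
    unless accept_sha1 is set, following the RFC's recommendation to abort on them.
    """
    offered = set(peer_schemes)
    unverifiable = []
    for scheme in chain_schemes:
        if (scheme in SHA1_BASED and not accept_sha1) or scheme not in offered:
            unverifiable.append(scheme)
    return unverifiable


def negotiate(peer_schemes: Iterable[int], chain_schemes: Iterable[int],
              key_spki_is_pss: bool = False) -> Dict[str, object]:
    """Combine both checks into the decision a server makes before sending Certificate."""
    peer = list(peer_schemes)
    return {
        "certificate_verify": select_certificate_verify_scheme(peer, key_spki_is_pss),
        "unverifiable_chain_signatures": check_chain_signatures(peer, chain_schemes),
    }


if __name__ == "__main__":
    # Constructed offer: a TLS 1.3 client that also advertises PKCS#1 v1.5
    # so that CA-issued certificates keep verifying.
    client_offer = [ECDSA_SECP256R1_SHA256, RSA_PSS_RSAE_SHA256, RSA_PKCS1_SHA256, RSA_PKCS1_SHA1]
    # Constructed chain: leaf and intermediate, both PKCS#1 v1.5 signed by the CA.
    our_chain = [RSA_PKCS1_SHA256, RSA_PKCS1_SHA256]
    result = negotiate(client_offer, our_chain)
    print("CertificateVerify:", NAMES[result["certificate_verify"]])
    print("chain problems:", [NAMES[s] for s in result["unverifiable_chain_signatures"]])
```

Running it prints rsa_pss_rsae_sha256 for CertificateVerify and an empty problem list: the handshake signature is forced onto PSS, while the CA-issued PKCS#1 v1.5 certificates are accepted because the client said it can still verify them. Dropping rsa_pkcs1_sha256 from the offer makes the chain check report the leaf and intermediate, which is exactly the deployment question the message raises about relying parties that cannot handle a change in certificate signatures.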