Re: [TLS] Adoption call for draft-davidben-tls13-pkcs1

Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 07 December 2019 10:20 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CEE9120164 for <tls@ietfa.amsl.com>; Sat, 7 Dec 2019 02:20:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ERqpd5DiyWXu for <tls@ietfa.amsl.com>; Sat, 7 Dec 2019 02:20:22 -0800 (PST)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DFE1120142 for <tls@ietf.org>; Sat, 7 Dec 2019 02:20:21 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id 92D2A16095 for <tls@ietf.org>; Sat, 7 Dec 2019 12:20:19 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp2.welho.com ([IPv6:::ffff:83.102.41.85]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id cYn1zoncpgCR for <tls@ietf.org>; Sat, 7 Dec 2019 12:20:19 +0200 (EET)
Received: from LK-Perkele-VII (87-100-246-37.bb.dnainternet.fi [87.100.246.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp2.welho.com (Postfix) with ESMTPSA id E67F672 for <tls@ietf.org>; Sat, 7 Dec 2019 12:20:17 +0200 (EET)
Date: Sat, 7 Dec 2019 12:20:17 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: "tls@ietf.org" <tls@ietf.org>
Message-ID: <20191207102017.GA1754124@LK-Perkele-VII>
References: <843cc437-4c6d-43ce-b634-527a287c4e27@www.fastmail.com> <c4bab542-f1fd-4c80-89b8-1b7a3ef883a7@www.fastmail.com> <CAMfhd9W_+1i=Q48GKAxT=TtHm+fKxUKUepqCtfJ7xQ6LgM4h_w@mail.gmail.com> <CAEMoRCshwo1vsb+bYbJLpOCMWGcJ15sz8COXeXbxmX-KDbY8Mw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAEMoRCshwo1vsb+bYbJLpOCMWGcJ15sz8COXeXbxmX-KDbY8Mw@mail.gmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/OyCNM-57MLzb2_p7GnBW_cuXCqc>
Subject: Re: [TLS] Adoption call for draft-davidben-tls13-pkcs1
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Dec 2019 10:20:24 -0000

On Fri, Dec 06, 2019 at 11:09:48AM -0600, Darin Pettis wrote:
> On Thu, Nov 14, 2019 at 4:43 PM Adam Langley <agl@imperialviolet.org> wrote:
> > People on this list who manage large corporate networks may wish to pay
> > attention to this: while you may not have updated servers to TLS 1.3 yet,
> > eventually it'll happen and I suspect some will find a significant amount
> > of things like TPMs, in which you currently have client-certificate keys,
> > which only sign with PKCS#1 v1.5. Without this draft adopted and
> > implemented ahead of time, it's going to be painful.
> 
> Adam - Wanted to thank you for the call-out to people on the list managing
> large corporate networks.  Looking into the mutual authentication supported
> protocols issue that you and David raised.  Will evaluate potential future
> impact.

There are also library issues where the physical device does allow
RSA-PSS (e.g., because they can perform raw RSA root on arbitrary
values[1]), but libraries/drivers do not support it.

One test I just tried:

- Smartcard capable of raw RSA.
- OpenSC PKCS#11 drivers.
- Firefox ESR 68
- Server supports TLS 1.3 (Accept RSA PKCS#1v1.5 client signatures is
  enabled[2]).

Result: Failed. Client hits internal error code SEC_ERROR_LIBRARY_FAILURE
[3].


[1] Yeah, not great for security, but some devices are like that.

[2] That option was a hack to make things work with Firefox ESR 52,
which did send RSA PKCS#1v1.5 client signature (scheme 0x0401) in
comparable situation.

[3] My guess would be that browser asks drivers for RSA-PSS, which they
do not support, causing the error.


-Ilari