Re: [TLS] Drafts for batch signing and PKCS#1 v1.5

Andrey Jivsov <crypto@brainhub.org> Wed, 31 July 2019 06:36 UTC

Return-Path: <crypto@brainhub.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 659BD120088 for <tls@ietfa.amsl.com>; Tue, 30 Jul 2019 23:36:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcastmailservice.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5fBAeuLlT5eR for <tls@ietfa.amsl.com>; Tue, 30 Jul 2019 23:36:25 -0700 (PDT)
Received: from resqmta-po-12v.sys.comcast.net (resqmta-po-12v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9324112007C for <tls@ietf.org>; Tue, 30 Jul 2019 23:36:25 -0700 (PDT)
Received: from resomta-po-02v.sys.comcast.net ([96.114.154.226]) by resqmta-po-12v.sys.comcast.net with ESMTP id siAkh9qTkTbnXsiDohuQZ3; Wed, 31 Jul 2019 06:36:24 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastmailservice.net; s=20180828_2048; t=1564554984; bh=k5ecv+Pxl0Ngn1e9fXt/7r8Q7nL3E/0hHHkNnAyaPug=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=LHIl9wzzJnZ8Q0Ig67P/JRp+qweetSzbAcI8KGsyN167d1XeYVVv9QeYFigKIEW4G ofV1meWrHa2l33SJdG5BzdnYW3r//vkbUJFekJ3bHaUmNvkuTDYWz0VX4AXCKeqmxV VeD1hut/yT3mxM2rfebBMBCfK6GXTrhICDEFMHjHZMQ3UUPzEsB4bgA3fopCm06VZG DcPMKeqNsddg9adCct71/nwvyG0TBCv4mUoPKHtE+Sl2n6YBNmkeWBh8tO3e4nTV+P lOFO6Bb+n4bw21QdAxMD/jicCNAljw3cpFBUmUw8NgwyGYprVAmqub9f7DkOogLiN2 PQzUgxJ/aUsGg==
Received: from [192.168.0.10] ([73.222.32.57]) by resomta-po-02v.sys.comcast.net with ESMTPSA id siDnhT6oxobG3siDnhOnao; Wed, 31 Jul 2019 06:36:24 +0000
X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgeduvddrleeggdduuddtucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuvehomhgtrghsthdqtfgvshhipdfqfgfvpdfpqffurfetoffkrfenuceurghilhhouhhtmecufedttdenucenucfjughrpefuvfhfhffkffgfgggjtgfgsehtkeertddtfeejnecuhfhrohhmpeetnhgurhgvhiculfhivhhsohhvuceotghrhihpthhosegsrhgrihhnhhhusgdrohhrgheqnecuffhomhgrihhnpehivghtfhdrohhrghenucfkphepjeefrddvvddvrdefvddrheejnecurfgrrhgrmhephhgvlhhopegludelvddrudeikedrtddruddtngdpihhnvghtpeejfedrvddvvddrfedvrdehjedpmhgrihhlfhhrohhmpegtrhihphhtohessghrrghinhhhuhgsrdhorhhgpdhrtghpthhtohepthhlshesihgvthhfrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd
X-Xfinity-VMeta: sc=0;st=legit
To: tls@ietf.org
References: <CAF8qwaDxRhGXc522Rf4C-8OcGM4Mm08Xca4KNNpHcT=4Va89aA@mail.gmail.com>
From: Andrey Jivsov <crypto@brainhub.org>
Message-ID: <990ade67-4727-a533-9f94-65383f9f285a@brainhub.org>
Date: Tue, 30 Jul 2019 23:36:23 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <CAF8qwaDxRhGXc522Rf4C-8OcGM4Mm08Xca4KNNpHcT=4Va89aA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QxBqYGALGUbu1WQRhvFE7TTyTIU>
Subject: Re: [TLS] Drafts for batch signing and PKCS#1 v1.5
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 06:36:28 -0000

Regarding PKCS 1.5 in TLS 1.3, please also see slide 4 for a year 2015
version of the same motivation
https://www.ietf.org/proceedings/94/slides/slides-94-tls-4.pdf .

On 7/29/19 5:15 PM, David Benjamin wrote:
> Hi all,
> 
> I’ve just uploaded a pair of drafts relating to signatures in TLS 1.3.
> https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00
> https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00
> 
> The first introduces optional legacy codepoints for PKCS#1 v1.5
> signatures with client certificates. This is unfortunate, but I think we
> should do it. On the Chrome side, we’ve encountered some headaches with
> the TLS 1.3 PSS requirement which are unique to client certificates. The
> document describes the motivations in detail.
> 
> The second describes a batch signing mechanism for TLS using Merkle
> trees. It allows TLS clients and servers to better handle signing load.
> I think it could be beneficial for a number of DoS and remote key scenarios.
> 
> Thoughts?
> 
> David
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>