Re: [TLS] RSA-PSS in TLS 1.3
Hanno Böck <hanno@hboeck.de> Tue, 01 March 2016 20:45 UTC
Return-Path: <hanno@hboeck.de>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 078621B4183 for <tls@ietfa.amsl.com>; Tue, 1 Mar 2016 12:45:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MANGLED_BACK=2.3, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BEZ5XDeAgaeX for <tls@ietfa.amsl.com>; Tue, 1 Mar 2016 12:45:10 -0800 (PST)
Received: from zucker.schokokeks.org (zucker.schokokeks.org [178.63.68.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AD371B4181 for <tls@ietf.org>; Tue, 1 Mar 2016 12:45:09 -0800 (PST)
Received: from pc1 (0x3ec7b91c.inet.dsl.telianet.dk [::ffff:62.199.185.28]) (AUTH: LOGIN hanno-default@schokokeks.org, TLS: TLSv1/SSLv3, 128bits, ECDHE-RSA-AES128-GCM-SHA256) by zucker.schokokeks.org with ESMTPSA; Tue, 01 Mar 2016 21:45:06 +0100 id 00000000000000A4.0000000056D5FF52.00004841
Date: Tue, 01 Mar 2016 21:45:06 +0100
From: Hanno Böck <hanno@hboeck.de>
To: tls@ietf.org
Message-ID: <20160301214506.639ee3d4@pc1>
In-Reply-To: <56D5DE1D.3000708@akr.io>
References: <CAOgPGoD=AAFDUXN8VkOHwTMEUm+-qi548NsicoD=1yQKSu-sng@mail.gmail.com> <56D4ABAD.90902@brainhub.org> <20160229233617.5466ebd3@pc1> <56D51FFB.9050909@brainhub.org> <DE710794-CA42-48E1-9AB9-A2BE2899E071@gmail.com> <56D5DE1D.3000708@akr.io>
X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.29; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=_zucker.schokokeks.org-18497-1456865107-0001-2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/TBDtVFmFBzNpEiaguZjyrR4PCHs>
Subject: Re: [TLS] RSA-PSS in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2016 20:45:12 -0000
On Tue, 1 Mar 2016 18:23:25 +0000 Alyssa Rowan <akr@akr.io> wrote: > And so (maybe not entirely coincidentally!): another attack, dubbed > DROWN, just emerged¹, using SSLv2 as - you guessed it - a > Bleichenbacher padding oracle against RSA PKCS#1 v1.5! To be fair, the issues surrounding RSA encryption are different ones than the ones about RSA signatures. We already agreed to deprecate RSA encryption entirely. Therefore DROWN is irrelevant for the discussion here. (What causes often confusion is that Daniel Bleichenbacher is responsible for *two* major and completely unrelated attacks against RSA PKCS #1 1.5, one against encryption and one against - badly implemented - signatures) -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@hboeck.de GPG: BBB51E42
- Re: [TLS] RSA-PSS in TLS 1.3 Andrey Jivsov
- Re: [TLS] RSA-PSS in TLS 1.3 Russ Housley
- Re: [TLS] RSA-PSS in TLS 1.3 Joseph Salowey
- Re: [TLS] RSA-PSS in TLS 1.3 Yoav Nir
- Re: [TLS] RSA-PSS in TLS 1.3 Hanno Böck
- [TLS] RSA-PSS in TLS 1.3 Joseph Salowey
- Re: [TLS] RSA-PSS in TLS 1.3 Viktor Dukhovni
- Re: [TLS] RSA-PSS in TLS 1.3 Benjamin Beurdouche
- Re: [TLS] RSA-PSS in TLS 1.3 Yoav Nir
- Re: [TLS] RSA-PSS in TLS 1.3 Brian Smith
- Re: [TLS] RSA-PSS in TLS 1.3 Andrey Jivsov
- Re: [TLS] RSA-PSS in TLS 1.3 Salz, Rich
- Re: [TLS] RSA-PSS in TLS 1.3 Andrey Jivsov
- Re: [TLS] RSA-PSS in TLS 1.3 Dave Garrett
- Re: [TLS] RSA-PSS in TLS 1.3 Hanno Böck
- Re: [TLS] RSA-PSS in TLS 1.3 Andrey Jivsov
- Re: [TLS] RSA-PSS in TLS 1.3 Martin Thomson
- Re: [TLS] RSA-PSS in TLS 1.3 Viktor Dukhovni
- Re: [TLS] RSA-PSS in TLS 1.3 Viktor Dukhovni
- Re: [TLS] RSA-PSS in TLS 1.3 Martin Thomson
- Re: [TLS] RSA-PSS in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] RSA-PSS in TLS 1.3 Yoav Nir
- Re: [TLS] RSA-PSS in TLS 1.3 Yoav Nir
- Re: [TLS] RSA-PSS in TLS 1.3 Alyssa Rowan
- Re: [TLS] RSA-PSS in TLS 1.3 Watson Ladd
- Re: [TLS] RSA-PSS in TLS 1.3 Viktor Dukhovni
- Re: [TLS] RSA-PSS in TLS 1.3 Yoav Nir
- Re: [TLS] RSA-PSS in TLS 1.3 Hanno Böck
- Re: [TLS] RSA-PSS in TLS 1.3 Martin Thomson
- Re: [TLS] RSA-PSS in TLS 1.3 Andrey Jivsov
- Re: [TLS] RSA-PSS in TLS 1.3 Yoav Nir
- Re: [TLS] RSA-PSS in TLS 1.3 Viktor Dukhovni
- Re: [TLS] RSA-PSS in TLS 1.3 Rob Stradling
- Re: [TLS] RSA-PSS in TLS 1.3 Rob Stradling
- Re: [TLS] RSA-PSS in TLS 1.3 Yoav Nir
- Re: [TLS] RSA-PSS in TLS 1.3 Eric Rescorla
- Re: [TLS] RSA-PSS in TLS 1.3 Yoav Nir
- Re: [TLS] RSA-PSS in TLS 1.3 Dave Garrett
- Re: [TLS] RSA-PSS in TLS 1.3 Dang, Quynh (Fed)
- Re: [TLS] RSA-PSS in TLS 1.3 Hanno Böck
- Re: [TLS] RSA-PSS in TLS 1.3 Dang, Quynh (Fed)
- Re: [TLS] RSA-PSS in TLS 1.3 Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] RSA-PSS in TLS 1.3 Hanno Böck
- Re: [TLS] RSA-PSS in TLS 1.3 Dang, Quynh (Fed)
- Re: [TLS] RSA-PSS in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] RSA-PSS in TLS 1.3 Martin Rex
- Re: [TLS] RSA-PSS in TLS 1.3 Scott Fluhrer (sfluhrer)
- Re: [TLS] RSA-PSS in TLS 1.3 Hanno Böck
- Re: [TLS] RSA-PSS in TLS 1.3 Martin Rex
- Re: [TLS] RSA-PSS in TLS 1.3 Fedor Brunner
- Re: [TLS] RSA-PSS in TLS 1.3 Martin Rex
- Re: [TLS] RSA-PSS in TLS 1.3 Hubert Kario
- Re: [TLS] RSA-PSS in TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] RSA-PSS in TLS 1.3 Hannes Mehnert
- Re: [TLS] RSA-PSS in TLS 1.3 Scott Fluhrer (sfluhrer)
- Re: [TLS] RSA-PSS in TLS 1.3 Ilari Liusvaara
- Re: [TLS] RSA-PSS in TLS 1.3 Scott Fluhrer (sfluhrer)
- Re: [TLS] RSA-PSS in TLS 1.3 Scott Fluhrer (sfluhrer)
- Re: [TLS] RSA-PSS in TLS 1.3 Hubert Kario
- Re: [TLS] RSA-PSS in TLS 1.3 Tony Arcieri
- [TLS] (TLS1.3 - algorithm agility support is enou… Rene Struik
- Re: [TLS] (TLS1.3 - algorithm agility support is … Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] (TLS1.3 - algorithm agility support is … Scott Fluhrer (sfluhrer)
- Re: [TLS] RSA-PSS in TLS 1.3 Scott Fluhrer (sfluhrer)
- Re: [TLS] RSA-PSS in TLS 1.3 Hubert Kario
- Re: [TLS] RSA-PSS in TLS 1.3 Viktor Dukhovni
- Re: [TLS] RSA-PSS in TLS 1.3 Hubert Kario
- Re: [TLS] RSA-PSS in TLS 1.3 Tony Arcieri