Re: [TLS] Delegated Credentials Question about PSS

Watson Ladd <watsonbladd@gmail.com> Thu, 17 October 2019 03:32 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 644C112011B for <tls@ietfa.amsl.com>; Wed, 16 Oct 2019 20:32:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eSdgu38hajK7 for <tls@ietfa.amsl.com>; Wed, 16 Oct 2019 20:32:21 -0700 (PDT)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCF42120024 for <tls@ietf.org>; Wed, 16 Oct 2019 20:32:20 -0700 (PDT)
Received: by mail-lj1-x234.google.com with SMTP id n14so871295ljj.10 for <tls@ietf.org>; Wed, 16 Oct 2019 20:32:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ksF2BMoGBSc7JkD1GviPX6MeTXiB7vkdr0osHmbdd20=; b=oxJhpKyiSwsZhk4SwSlwa/11wHA9cQ4jN1HwePCzMWgcen88zkJCp9wdQzcSCJTcej v81WgWqrglK8NkbZoOXA5kUP704/J3vFJ9i2RK36LDMLT5204jAo0z0vQyK/SYNS1VO1 hnWjDamkVqP6NHQXOECXSSjJsYlqpRQuJENvDJ1IqR72kWIfxUKK0GxT8RaDoKsUsfIk lyF8Jkg0blnHMSMPf6WHzStx5kVVKaVfbbmaa7FHWQ5MSzMp43tdS5lAKtWGT17FbVBW cJPirBDJkacmBKZxKEfyAlsYNg9JybieEh8QlG9cRPnFmYZkKpZ41OnDzrBgQAQ71suq AhjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ksF2BMoGBSc7JkD1GviPX6MeTXiB7vkdr0osHmbdd20=; b=pjryfyUAtB54MxuAjpXT6KCdAdr+q+4cySPHPhonqyTFOzZ/Mz7DdagTYfaH7wyI1z 822H9auGuGkcdWO07+00PYQ1euNObClsMeTjlVGK9Gfh3AJ/OL3xOwVgZn6GLyUF/ydU Jvi3hQHhZITD++gQ6oJf6x53WSMI4oZkFpqdFPLCQ21+G5d5GiZZELcXdSonySqFwV7q jWUGw+6y0AVINy0oJDRz7G4YKrt0R8q2oVoU5QgxPxn9i4sBjj+GpR/8sozUOW0CoiAc xZsWwpc0Jp9QU9jgnoLPls6A0Hel9ppHIUOenICF98f4T3liZTnpv0M7XwU8vHaelwqB vg3Q==
X-Gm-Message-State: APjAAAWBm9MRpzgKPtdhv13jDuTr64YvPdVDBsS6jZmCfM9hErhCBKiG S0BfwRYAfJ9HGq724Bz7V1nOQeO+MP1OTydEpyA=
X-Google-Smtp-Source: APXvYqwQyIn87jdekXV4uvU6cT2vwPOLdiodY/qO7d5ElmLVec1imAcYJR/KwRZLejS5npXTml7g2y3pomGK29rjSWI=
X-Received: by 2002:a2e:8654:: with SMTP id i20mr859416ljj.238.1571283138946; Wed, 16 Oct 2019 20:32:18 -0700 (PDT)
MIME-Version: 1.0
References: <CAFDDyk-ohwH4pfeen8iFRHCqb8Pb95-DagORA_NtgaG9AWyoMQ@mail.gmail.com> <D11B62D0-2970-478F-A987-CECB45D58976@vigilsec.com> <29dbb36a-73d4-4e09-9906-d297e27a1f35@www.fastmail.com> <CAFDDyk-oEr=s5XFqAoXWe8kqMwf=RNzLJXFfezctZ=pAG7kK3A@mail.gmail.com> <7d15a1f1-c646-43b7-b5d6-c89ea4b4b615@www.fastmail.com>
In-Reply-To: <7d15a1f1-c646-43b7-b5d6-c89ea4b4b615@www.fastmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 16 Oct 2019 20:32:07 -0700
Message-ID: <CACsn0cnYc3nkMh9ajB_b8L=MZpd_r6yuP+=RPgAu2s-MGpdWmQ@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: Nick Sullivan <nick@cloudflare.com>, TLS List <tls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000056ad72059512dd58"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Vh0C_oBGHGvxnzTH5RvGPfN8uRo>
Subject: Re: [TLS] Delegated Credentials Question about PSS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2019 03:32:23 -0000

On Wed, Oct 16, 2019, 4:13 PM Martin Thomson <mt@lowentropy.net>; wrote:

> On Tue, Oct 15, 2019, at 17:13, Nick Sullivan wrote:
> > One may note that no matter what the choice is with respect to RSA,
> > this particular wrinkle also applies more broadly. For example, if a
> > client advertises support for ed25519 in "signature_algorithms" in
> > order to support ed25519 delegated credentials, it should also be
> > prepared to receive an ed25519 certificate.
>
> Good point.  But I'm not sure that I'm happy with that property.


In TLS 1.3 it seems to have been assumed this wouldn't happen and we could
split signature algorithms from signature algorithms cert.

If that's not actually the case it affects more than just DCs. DCs are a
good way to restore extensibility if there is a problem here, provided we
can come up with a solution.

>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>