Re: [TLS] PR to clarify RSASSA-PSS requirements

Peter Wu <peter@lekensteyn.nl> Wed, 29 November 2017 00:06 UTC

To: Eric Rescorla <ekr@rtfm.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/W8gtgjBnixgHphIw1rNBU8gmDV4>

Hi Eric and list,

I have updated the PR https://github.com/tlswg/tls13-spec/pull/1098 last
week based on received feedback. Two issues are however still open:

 - Should a different codepoint be used for SPKIs other than
   rsaEncryption (i.e. id-RSASSA-PSS)? If so, what codepoints?

 - Should certificates with SPKI id-RSASSA-PSS be required to have no
   parameters (i.e. not restrict the hash algorithm chosen in TLS)?

Ideally it would already be sorted out before draft 22 is released. If
nothing is changed, then the specification remains ambiguous and
interoperability issues may occur.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
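
The distinction both open questions turn on, as an added example (not part of the original message or of the PR): reading a certificate's SPKI AlgorithmIdentifier to tell rsaEncryption from id-RSASSA-PSS, and whether PSS parameters are present and pin a hash. Function names are hypothetical, the DER inputs are constructed and cover only the bare AlgorithmIdentifier, and the sha1 fallback assumes the RFC 4055 default for an omitted hashAlgorithm.

```python
# Added example: classify a DER AlgorithmIdentifier taken from a certificate SPKI.
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
ID_RSASSA_PSS = "1.2.840.113549.1.1.10"
HASH_NAMES = {"2.16.840.1.101.3.4.2.1": "sha256", "2.16.840.1.101.3.4.2.2": "sha384",
              "2.16.840.1.101.3.4.2.3": "sha512"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last octet of an arc
            arcs.append(acc)
            acc = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, head + arcs[1:]))

def classify_spki_algorithm(alg_id):
    """Return (key_type, pinned_hash); pinned_hash is None if nothing is restricted."""
    seq_tag, body, _ = read_tlv(alg_id)
    oid_tag, oid_bytes, pos = read_tlv(body)
    if seq_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an AlgorithmIdentifier")
    oid = decode_oid(oid_bytes)
    if oid != ID_RSASSA_PSS:
        return ("rsaEncryption" if oid == RSA_ENCRYPTION else "other", None)
    if pos == len(body):  # parameters absent: key usable with any PSS hash
        return ("id-RSASSA-PSS", None)
    _, params, _ = read_tlv(body, pos)
    p = 0
    while p < len(params):
        tag, field, p = read_tlv(params, p)
        if tag == 0xA0:  # [0] EXPLICIT hashAlgorithm
            hash_oid = decode_oid(read_tlv(read_tlv(field)[1])[1])
            return ("id-RSASSA-PSS", HASH_NAMES.get(hash_oid, hash_oid))
    return ("id-RSASSA-PSS", "sha1")  # params present, [0] omitted: DEFAULT sha1

# Constructed samples (hex DER), not taken from any real certificate.
SAMPLES = {"rsa": "300d06092a864886f70d0101010500", "pss_bare": "300b06092a864886f70d01010a",
           "pss_sha256": "301c06092a864886f70d01010a300fa00d300b0609608648016503040201"}
```
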