Re: [TLS] Possible TLS 1.3 erratum

Martin Thomson <mt@lowentropy.net> Mon, 19 July 2021 14:09 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D1F43A34F4 for <tls@ietfa.amsl.com>; Mon, 19 Jul 2021 07:09:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=be3jwnHp; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=MKNM1Iqg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0tPOn2mHxM5z for <tls@ietfa.amsl.com>; Mon, 19 Jul 2021 07:09:36 -0700 (PDT)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2009A3A34F2 for <tls@ietf.org>; Mon, 19 Jul 2021 07:09:36 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id EC3E03200908 for <tls@ietf.org>; Mon, 19 Jul 2021 10:09:32 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute5.internal (MEProxy); Mon, 19 Jul 2021 10:09:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=9O+3C2/jPUxpmvIlLBVmo/eyyEyvisD 8yEh6jYFkP1E=; b=be3jwnHp6zzuZAn7Ieg8mJiNrGk+ihkhfgZP7VuWAgFSTJ5 LH1yDaRzedJi2OP8tYyFACkTbVNlYOnm3wVS+gQuoPwRQL4yccEeJ8H2k0Knzy8Z nd2vNRTW4rEITrAPFxUMPq0/2WWi06Zuno5iBK4QZt4R+/G5iqJBDvYFCpOYC1wz 32JGLIB3BUMYY145QKNQN9nQAXJaN1+07yFnnMeMXlSeeO+QoxfnAB8oAAMcoUII Iel/q3O37TWoxERTzbW8N1gUyhzwEMNeSnfQFjGuxO7WqhV6rIrhkfoNjslo+Hax GHAn4sNJrWIbuqzevfNbsQ7sgNlvTnZS7WSnrow==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=9O+3C2 /jPUxpmvIlLBVmo/eyyEyvisD8yEh6jYFkP1E=; b=MKNM1IqgYNyBWLiKYPe3nv KlCHRiCUd3fY5Xn1Uv7qkr9A5PS1cSE6eqO332DGdSWFNw3fyIYE0QJr/sP0+vB9 YiSl+a4UTa8uDvJLzl5NQcUKBDOcgiqfFsrAe05S+q/yJnkkP7TBG7fRyM7x9/Da vW9xiNgAN5Mirxyh3RmXgaxmDqbqAOAU16i8/4e+ln4zg3Sqx935SCYlJwpTnUdt AAONe17wU52A/Qq79j0yRHO0u3bpj71s2iw20+x0vsi4RZMTZolWPQCwICdqdXlY kT072o9ITY4Bi9d9Sad6M6IwNsR3K2/wfojFLfzEJKoanPGTi4zUUa0brorEjJIA ==
X-ME-Sender: <xms:nIf1YIp4s8z9ZayH4duKYh3A9X4IYq0QpQR7fgpMa2CbOj_FlV9N0g> <xme:nIf1YOpq5HkVdYIxdE5IGC0jKErZYayGo62bb3uSlO_wb48zlA9XPXHwVWK6_3Cad 90F37rlaodlkSANeuo>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrfedtgdejudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgesthdtre dtreertdenucfhrhhomhepfdforghrthhinhcuvfhhohhmshhonhdfuceomhhtsehlohif vghnthhrohhphidrnhgvtheqnecuggftrfgrthhtvghrnhepkeetueeikedtkeelfeekve fhkeffvedvvefgkefgleeugfdvjeejgeffieegtdejnecuvehluhhsthgvrhfuihiivgep udenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehlohifvghnthhrohhphidrnhgvth
X-ME-Proxy: <xmx:nIf1YNMZaJElPaIclLhIVvVa9gxBr5j42I-BJOzO6ZWfpKKTAbfmVQ> <xmx:nIf1YP787X1b32WWZSGctkEjRCll8LHVH9ULH-NSURDEE_S1w4oDVg> <xmx:nIf1YH6wDCoeAZtYiJF6megTOxj9bR3-RAPMArRtnh-zy5FNiyxaQw> <xmx:nIf1YJGqQomranRprGgw67_OOrZG9Z6DN1sRenzrIiDsUkMX5usyoQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 2CCA93C0E7F; Mon, 19 Jul 2021 10:09:32 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-533-gf73e617b8a-fm-20210712.002-gf73e617b
Mime-Version: 1.0
Message-Id: <91834de2-1266-4efb-86d5-b8aa8e62aa95@www.fastmail.com>
In-Reply-To: <db76d008-f90e-4f6c-ae47-dd4971d8ce13@redhat.com>
References: <SY4PR01MB6251452C5CD94479D34112DBEEE19@SY4PR01MB6251.ausprd01.prod.outlook.com> <db76d008-f90e-4f6c-ae47-dd4971d8ce13@redhat.com>
Date: Tue, 20 Jul 2021 00:09:03 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: tls@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_0ZYF_rdpWYcl2LA9lFIt3TrUZw>
Subject: Re: [TLS] Possible TLS 1.3 erratum
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Jul 2021 14:09:42 -0000

On Mon, Jul 19, 2021, at 23:25, Hubert Kario wrote:
> That's because browsers don't have the code to handle RSA-PSS certificates.

Not ALL the code, but we only have one small piece left in Firefox.  And we have plans to address the final small piece.  So maybe soon.