Re: [TLS] Using RSA PSS in TLS
Johannes Merkle <johannes.merkle@secunet.com> Fri, 16 January 2015 11:09 UTC
Message-ID: <54B8F151.5040604@secunet.com>
Date: Fri, 16 Jan 2015 12:09:05 +0100
From: Johannes Merkle <johannes.merkle@secunet.com>
To: tls@ietf.org
References: <525BADBD.8020007@secunet.com> <54B67A19.9010507@redhat.com> <CAK9dnSzJ3SzO0aBAU5RvywjU-HQ1o12De8+PYUuyy1sUdR7+CA@mail.gmail.com> <20150115013149.0185bea4@pc> <CACsn0ckFmOKsMgEtyoCB20EL+Wmff0n11oV-Nz2HYcXYPbcJvA@mail.gmail.com>
In-Reply-To: <CACsn0ckFmOKsMgEtyoCB20EL+Wmff0n11oV-Nz2HYcXYPbcJvA@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/_IDH1ezuxMB-FSpDO407iiiUO9s>
Subject: Re: [TLS] Using RSA PSS in TLS
> You *cannot* do PKCS 1.5 encryption right. The countermeasures to
> Bleichenbacher depend on enforcing additional structure on the
> messages, which SSL imposed by accident. As everyone should know, many
> implementations still do not get this right. (Can't name which ones,
> but even if they make the check, they may expose timing channels that
> are exploitable: there was a German PhD thesis a year or two ago that
> investigated exactly this, and broke some Java implementations).

Jager, Schinzel and Somorovsky also showed how XML encryption is vulnerable, and there was also this report about practical attacks against hardware implementations: https://eprint.iacr.org/2012/417

-- 
Johannes
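The "additional structure" the quoted message refers to is the fixed 48-byte premaster secret plus the client_version bytes, and the TLS countermeasure (RFC 5246, section 7.4.7.1) is to check that structure without any data-dependent branch and to substitute a pre-generated random premaster secret on failure. The following is an added example written for this page, not code from the thread or any participant; it assumes the raw RSA private-key operation has already produced the k-byte encoded block `em`, and the test block `build_em` constructs is a padded test vector, not a real ciphertext.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PMS_LEN 48  /* TLS premaster secret: 2 version bytes + 46 random bytes */

/* Returns 0xFF if a == b, else 0x00, using arithmetic only (no data-dependent branch). */
static uint8_t ct_mask_eq(uint8_t a, uint8_t b) {
    uint32_t x = (uint32_t)(a ^ b);        /* zero iff equal */
    uint32_t nz = (x | (0u - x)) >> 31;    /* 1 iff x != 0 */
    return (uint8_t)(0u - (1u ^ nz));
}

/*
 * em:       k-byte output of the raw RSA private-key operation, expected to be
 *           EM = 0x00 || 0x02 || PS (>= 8 nonzero bytes) || 0x00 || M
 * version:  client_version the server expects in the first two bytes of M
 * fallback: PMS_LEN random bytes drawn *before* decryption (RFC 5246, 7.4.7.1)
 * out:      receives M when every check passes, fallback otherwise
 * The return value (0xFF valid / 0x00 invalid) is for test/diagnostic use only;
 * a server must continue the handshake identically in both cases.
 */
int tls_rsa_unpad_ct(const uint8_t *em, size_t k, const uint8_t version[2],
                     const uint8_t fallback[PMS_LEN], uint8_t out[PMS_LEN]) {
    if (k < PMS_LEN + 11) {              /* public parameter: safe to branch on */
        memcpy(out, fallback, PMS_LEN);
        return 0;
    }
    size_t sep = k - PMS_LEN - 1;        /* fixed-length M puts the 0x00 separator here */
    uint8_t good = ct_mask_eq(em[0], 0x00) & ct_mask_eq(em[1], 0x02)
                 & ct_mask_eq(em[sep], 0x00);
    for (size_t i = 2; i < sep; i++)     /* PS must not contain a zero byte */
        good &= (uint8_t)~ct_mask_eq(em[i], 0x00);
    good &= ct_mask_eq(em[sep + 1], version[0]) & ct_mask_eq(em[sep + 2], version[1]);
    for (size_t i = 0; i < PMS_LEN; i++) /* branch-free select of M or fallback */
        out[i] = (uint8_t)((em[sep + 1 + i] & good) | (fallback[i] & (uint8_t)~good));
    return good;
}

/* Builds a constructed test EM around msg (a padded block, not a real ciphertext). */
void build_em(uint8_t *em, size_t k, const uint8_t msg[PMS_LEN]) {
    size_t sep = k - PMS_LEN - 1;
    em[0] = 0x00; em[1] = 0x02;
    memset(em + 2, 0x5A, sep - 2);       /* nonzero padding string */
    em[sep] = 0x00;
    memcpy(em + sep + 1, msg, PMS_LEN);
}
```

Whether the selection is truly branch-free after compilation still has to be checked on the target toolchain (disassembly or a timing harness), which is the part the quoted message says many implementations get wrong.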