Re: [TLS] TLS 1.3: Deterministic RSA-PSS and ECDSA
Tony Arcieri <bascule@gmail.com> Tue, 09 August 2016 21:13 UTC
From: Tony Arcieri <bascule@gmail.com>
Date: Tue, 9 Aug 2016 14:13:25 -0700
Message-ID: <CAHOTMV+e6Ka5yePxqj+onXM-bwq5n4pRw5F7g248e=Ydkzqnyw@mail.gmail.com>
To: Martin Rex <mrex@sap.com>
Cc: "tls@ietf.org" <tls@ietf.org>
On Tue, Aug 9, 2016 at 7:16 AM, Martin Rex <mrex@sap.com> wrote:
> BERserk is an implementation defect, not a crypto weakness.

Hence why I phrased the question the way I did. Per Izu, Shimoyama, and Takenaka 2006, PKCS#1 v1.5 has sharp edges which implementers must avoid (of course, the same can be said of BER in BERserk, and it was clearly the bigger of the two problems).

Peter Gutmann's response was the sort of thing I was looking for when I originally asked the question.

-- 
Tony Arcieri
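As an added illustration (not part of this thread or any poster's code), the usual way to stay clear of the PKCS#1 v1.5 verification sharp edges mentioned above is to rebuild the expected encoded message and compare it byte for byte, rather than parsing the recovered block for padding and DigestInfo. The function names, the 2048-bit modulus length and the sample inputs are constructed for the example.

```python
import hashlib
import hmac

# DER-encoded DigestInfo prefixes from RFC 8017, section 9.2, note 1.
DIGESTINFO_PREFIX = {
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

def emsa_pkcs1_v15_encode(message: bytes, k: int, hash_name: str) -> bytes:
    """EMSA-PKCS1-v1_5: 0x00 || 0x01 || PS (0xFF bytes) || 0x00 || T, k bytes long."""
    t = DIGESTINFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (k - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t

def verify_em_strict(em: bytes, message: bytes, k: int, hash_name: str) -> bool:
    """Strict check: em is the k-byte I2OSP of s^e mod n. No parsing of em at all;
    the only accepted value is the exact re-encoding of the message."""
    if len(em) != k:
        return False
    expected = emsa_pkcs1_v15_encode(message, k, hash_name)
    return hmac.compare_digest(em, expected)

def demo() -> dict:
    """Constructed inputs: one valid EM plus malformed blocks a lenient parser might pass."""
    k, msg = 256, b"constructed sample message"
    t = DIGESTINFO_PREFIX["sha256"] + hashlib.sha256(msg).digest()
    good = emsa_pkcs1_v15_encode(msg, k, "sha256")
    # Short padding with bytes after the DigestInfo: a parser that stops reading
    # once it has the hash would not notice the trailing bytes; strict compare does.
    trailing = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\x00" * (k - 62)
    wrong_msg = emsa_pkcs1_v15_encode(b"other message", k, "sha256")
    return {
        "valid": verify_em_strict(good, msg, k, "sha256"),
        "trailing_bytes": verify_em_strict(trailing, msg, k, "sha256"),
        "wrong_message": verify_em_strict(wrong_msg, msg, k, "sha256"),
        "wrong_length": verify_em_strict(good[:-1], msg, k, "sha256"),
    }

if __name__ == "__main__":
    print(demo())
```

The RSA public operation itself is left out; the point is that once the block is recovered, nothing in it is interpreted, so lenient-parsing defects of the BERserk kind have no code path to hit.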