Re: [TLS] RSA-PSS in TLS 1.3

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Thu, 03 March 2016 13:35 UTC

From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] RSA-PSS in TLS 1.3
Date: Thu, 3 Mar 2016 13:35:46 +0000
Message-ID: <BN1PR09MB12407B52B773981DB214919F3BD0@BN1PR09MB124.namprd09.prod.outlook.com>
References: <CAOgPGoD=AAFDUXN8VkOHwTMEUm+-qi548NsicoD=1yQKSu-sng@mail.gmail.com> <BC718116-64C4-46C0-870C-D82DE64B4C63@gmail.com> <20160302065747.GC10917@mournblade.imrryr.org>, <201603021616.15731.davemgarrett@gmail.com>
In-Reply-To: <201603021616.15731.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/fEMjQB-g1bOAH3Q8Q4txWUgloBQ>

Hi all,

Why don't we use an even more elegant RSA signature called "full-domain hash RSA signature"?

As you know, a SHAKE (as a variable output-length hash function) naturally produces a hash value which fits any given modulus size. Therefore, no padding is needed, which avoids any potential issues with the padding, and the signature algorithm would be very simple.

Regards,
Quynh.
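To make the proposal above concrete, here is an added illustration (not code from the thread or from any IETF draft) of RSA full-domain hash with SHAKE256: the XOF is stretched to the modulus size and the result is trimmed to bitlen(n)-1 bits so it always lies below n, with no padding structure to parse. The key pair is a constructed toy built from two Mersenne primes so the example runs offline; the trimming rule is this example's own assumption, not a standardized encoding.

```python
import hashlib

# Constructed toy key pair (NOT a deployment key): two Mersenne primes chosen
# only so the example runs offline without a prime generator.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                      # 216-bit modulus
E = 65537                      # gcd(E, (P-1)(Q-1)) == 1 for these primes
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+ modular inverse)


def fdh(message: bytes, n: int) -> int:
    """Full-domain hash: SHAKE256 output sized to the modulus, then trimmed to
    bitlen(n)-1 bits so the integer is guaranteed to be < n (assumed rule)."""
    nbits = n.bit_length()
    nbytes = (nbits + 7) // 8
    digest = hashlib.shake_256(message).digest(nbytes)  # XOF fits any size
    return int.from_bytes(digest, "big") & ((1 << (nbits - 1)) - 1)


def fdh_sign(message: bytes, d: int, n: int) -> int:
    """Signature is simply h^d mod n; deterministic, unlike randomized PSS."""
    return pow(fdh(message, n), d, n)


def fdh_verify(message: bytes, sig: int, e: int, n: int) -> bool:
    """Verifier recomputes the full-domain hash and compares; the range check
    rejects out-of-range signatures before any modular arithmetic."""
    if not 0 <= sig < n:
        return False
    return pow(sig, e, n) == fdh(message, n)


if __name__ == "__main__":
    msg = b"constructed sample message"
    s = fdh_sign(msg, D, N)
    print("verify ok:", fdh_verify(msg, s, E, N))
    print("tampered ok:", fdh_verify(msg + b"!", s, E, N))
```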

________________________________________
From: TLS <tls-bounces@ietf.org> on behalf of Dave Garrett <davemgarrett@gmail.com>
Sent: Wednesday, March 2, 2016 4:16 PM
To: tls@ietf.org
Subject: Re: [TLS] RSA-PSS in TLS 1.3

On Wednesday, March 02, 2016 01:57:48 am Viktor Dukhovni wrote:
> adaptive attacks are I think a greater potential
> threat against interactive TLS than against a bunch of CA-authored
> bits at rest.

+1

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls