Re: [TLS] Drafts for batch signing and PKCS#1 v1.5

David Benjamin <davidben@chromium.org> Fri, 13 September 2019 22:25 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16A1F120116 for <tls@ietfa.amsl.com>; Fri, 13 Sep 2019 15:25:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.498
X-Spam-Level:
X-Spam-Status: No, score=-9.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W3U6t1F6PrsA for <tls@ietfa.amsl.com>; Fri, 13 Sep 2019 15:25:20 -0700 (PDT)
Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81AE8120096 for <tls@ietf.org>; Fri, 13 Sep 2019 15:25:20 -0700 (PDT)
Received: by mail-pf1-x429.google.com with SMTP id 205so18954624pfw.2 for <tls@ietf.org>; Fri, 13 Sep 2019 15:25:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=0706LKCip1QXmRaVzT1QZsiy4soI/MtlLO7duvHsL/w=; b=ScDpAER8pE3Ctvf7qeu084dlx3IB4dStoKqcOeJnrGa3CkkOGRxLkW9DuWdIlA5P75 NgFeoT6XxTTr58lCjSvjVHWZswl07KVdzO/em5ihJio0AIvtGkMi6wGu+onzmqCIFtkY 6XN5LxamhcDEfoqXnbjgQ6pEzKO6EXM+7xYuk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=0706LKCip1QXmRaVzT1QZsiy4soI/MtlLO7duvHsL/w=; b=GYtLJtCt9jOfZeNAFbAyxCZ382XUFttvZ3teRFPWoGJ5pAfrdTZj1q02uuQQ6sJzSN 5h85h/Wb0POjyHpdqYcNozY1a9Q3/LjIOWTxHkmXAutnfWMuQ0OhSLF4RW0yaN77xT01 qVbL88cpDb/Ai7h/+0sNWR7sWKK9g7DAt95NLNCC4LXm7VW/l3HnKkio0g6bVl1zz2vu rHsBB43kN3uTEG2HGkAX0NPNhYQBnya00gZ5AWs9PgdxZ4lRM72Vv9xw4zrRVgG2bj6R +5yy0YG3BBH3P5mUWmqveD/BZI9jUTlVjOknyQHgmhFpXlF2g+uKqb5AiCpu5sfvP0mR weqw==
X-Gm-Message-State: APjAAAW738XktL8kuviKlp2GGS0o2He/+0qaRWDY3QxT6xkuKydUyaNT A/qzmjD+UuR6N4C7ieXCO0KRDy5tf5mhAyhXymnWNMp9yOiL
X-Google-Smtp-Source: APXvYqy4aTzcppboWLgMGE/N09AEwhsH3zr62QkIVqucp3QQjKVeC0KSdx7oekVM1OiXCwN69+zYJuG3UAvESw4imHY=
X-Received: by 2002:a17:90a:e98e:: with SMTP id v14mr7560812pjy.99.1568413519483; Fri, 13 Sep 2019 15:25:19 -0700 (PDT)
MIME-Version: 1.0
References: <CAF8qwaDxRhGXc522Rf4C-8OcGM4Mm08Xca4KNNpHcT=4Va89aA@mail.gmail.com> <CAF8qwaD=5B9AXkGziwHZ-=LGH-n6fW0KQ9cQfZ2DWhpjDujhEQ@mail.gmail.com>
In-Reply-To: <CAF8qwaD=5B9AXkGziwHZ-=LGH-n6fW0KQ9cQfZ2DWhpjDujhEQ@mail.gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Fri, 13 Sep 2019 18:25:03 -0400
Message-ID: <CAF8qwaCOptH2sxZGW1ZyGB9hu48zi4KHhouLrxFGdp9yLzua1A@mail.gmail.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b0f32a059276ba73"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/i5uGgq4MlphwMiH2pvP7coQbmkA>
Subject: Re: [TLS] Drafts for batch signing and PKCS#1 v1.5
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 22:25:23 -0000

A quick update: I've uploaded -01 of tls-batch-signing which should address
the various comments that have come in thus far.
https://tools.ietf.org/html/draft-davidben-tls-batch-signing-01

On Tue, Jul 30, 2019 at 3:09 PM David Benjamin <davidben@chromium.org>;
wrote:

> Oops. draft-davidben-tls-batch-signing-00 cites
> draft-davidben-http2-tls13-00. That should be
> draft-davidben-tls13-pkcs1-00. (The XML file took a really long time to be
> created, so I manually tried to recreate it based on another file and
> forgot to update one of the fields.) I'll fix this in -01.
>
> On Mon, Jul 29, 2019 at 8:15 PM David Benjamin <davidben@chromium.org>;
> wrote:
>
>> Hi all,
>>
>> I’ve just uploaded a pair of drafts relating to signatures in TLS 1.3.
>> https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00
>> https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00
>>
>> The first introduces optional legacy codepoints for PKCS#1 v1.5
>> signatures with client certificates. This is unfortunate, but I think we
>> should do it. On the Chrome side, we’ve encountered some headaches with the
>> TLS 1.3 PSS requirement which are unique to client certificates. The
>> document describes the motivations in detail.
>>
>> The second describes a batch signing mechanism for TLS using Merkle
>> trees. It allows TLS clients and servers to better handle signing load. I
>> think it could be beneficial for a number of DoS and remote key scenarios.
>>
>> Thoughts?
>>
>> David
>>
>