Re: [TLS] RSA-PSS in TLS 1.3
Brian Smith <brian@briansmith.org> Mon, 29 February 2016 19:01 UTC
Joseph Salowey <joe@salowey.net> wrote:

> We seem to have good consensus on moving to RSA-PSS and away from PKCS-1.5
> in TLS 1.3. However, there is a problem that it may take some hardware
> implementations some time to move to RSA-PSS. After an off list discussion
> with a few folks here is a proposal for moving forward.
>
> We make RSA-PSS mandatory to implement (MUST implement instead of MUST
> offer). Clients can advertise support for PKCS-1.5 for backwards
> compatibility in the transition period.
> Please respond on the list on whether you think this is a reasonable way
> forward or not.
>

I agree with the others that TLS should use exclusively RSA-PSS (with all the parameters fixed according to the digest function used to digest the data) when RSA is used in the protocol. Implementations that can't support PSS in hardware can either implement it in software or use ECDSA or keep on using TLS 1.2.

Cheers,
Brian
--
https://briansmith.org/
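An added example, not part of the original message or of any TLS implementation: what fixing the PSS parameters to the digest means for a verifier, using Go's standard `crypto/rsa`. It assumes "fixed" means MGF1 over the signing hash and a salt as long as the digest; the helper names `signPSS`, `verifyPSS`, `demo` and the sample message are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signPSS signs SHA-256(msg) with RSA-PSS using the given salt length.
// Go's MGF1 always uses the signing hash, so salt length is the only free knob.
func signPSS(key *rsa.PrivateKey, msg []byte, saltLen int) ([]byte, error) {
	d := sha256.Sum256(msg)
	opts := &rsa.PSSOptions{SaltLength: saltLen, Hash: crypto.SHA256}
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, d[:], opts)
}

// verifyPSS checks sig over SHA-256(msg) under the given salt-length policy.
func verifyPSS(pub *rsa.PublicKey, msg, sig []byte, saltLen int) bool {
	d := sha256.Sum256(msg)
	opts := &rsa.PSSOptions{SaltLength: saltLen, Hash: crypto.SHA256}
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, opts) == nil
}

// demo returns: fixed verifier on a fixed-parameter signature, fixed verifier
// on an odd-salt signature, auto-detecting verifier on the odd-salt signature.
func demo() (fixedOK, fixedOdd, autoOdd bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	msg := []byte("constructed sample transcript") // constructed input
	good, err := signPSS(key, msg, rsa.PSSSaltLengthEqualsHash)
	if err != nil {
		return
	}
	odd, err := signPSS(key, msg, 20) // salt shorter than the 32-byte digest
	if err != nil {
		return
	}
	pub := &key.PublicKey
	fixedOK = verifyPSS(pub, msg, good, rsa.PSSSaltLengthEqualsHash)
	fixedOdd = verifyPSS(pub, msg, odd, rsa.PSSSaltLengthEqualsHash)
	autoOdd = verifyPSS(pub, msg, odd, rsa.PSSSaltLengthAuto)
	return
}

func main() {
	fmt.Println(demo())
}
```

A verifier pinned to the digest length rejects the 20-byte-salt signature that an auto-detecting verifier accepts, so there is exactly one acceptable encoding per digest.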