[TLS] PSS and TLS 1.3
Dr Stephen Henson <lists@drh-consultancy.co.uk> Fri, 20 January 2017 17:43 UTC
Return-Path: <lists@drh-consultancy.co.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2FE91294B4 for <tls@ietfa.amsl.com>; Fri, 20 Jan 2017 09:43:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.59
X-Spam-Level:
X-Spam-Status: No, score=-2.59 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, T_HK_NAME_DR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id scd_AI70ku_I for <tls@ietfa.amsl.com>; Fri, 20 Jan 2017 09:43:28 -0800 (PST)
Received: from claranet-outbound-smtp03.uk.clara.net (claranet-outbound-smtp03.uk.clara.net [195.8.89.36]) by ietfa.amsl.com (Postfix) with ESMTP id 4440212943D for <tls@ietf.org>; Fri, 20 Jan 2017 09:43:27 -0800 (PST)
Received: from host86-161-67-142.range86-161.btcentralplus.com ([86.161.67.142]:46512 helo=[192.168.1.64]) by relay03.mail.eu.clara.net (relay.clara.net [81.171.239.33]:10465) with esmtpa (authdaemon_plain:drh) id 1cUdDe-0003f6-CH for tls@ietf.org (return-path <lists@drh-consultancy.co.uk>); Fri, 20 Jan 2017 17:43:23 +0000
To: "tls@ietf.org list" <tls@ietf.org>
From: Dr Stephen Henson <lists@drh-consultancy.co.uk>
Message-ID: <e993599c-f69d-2db3-f3f3-f40caf810bd6@drh-consultancy.co.uk>
Date: Fri, 20 Jan 2017 17:43:21 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mfG7wlhksmq2oom2v79bOPFePCo>
Subject: [TLS] PSS and TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2017 17:43:31 -0000
Draft 18 says: RSASSA-PSS algorithms Indicates a signature algorithm using RSASSA- PSS [RFC3447] with MGF1. The digest used in the mask generation function and the digest being signed are both the corresponding hash algorithm as defined in [SHS]. When used in signed TLS handshake messages, the length of the salt MUST be equal to the length of the digest output. This codepoint is defined for use with TLS 1.2 as well as TLS 1.3. What are the requirements for certificates when these RSSSA-PSS is used? The text above indicates the salt length for TLS messages. There are no restrictions placed on certificate signature salt lengths. Does this mean that any valid salt length (from 0 to the maximum permitted) must be supported? Additionally PSS signatures (see RFC4055) can be used with RSA keys (rsaEncryption OID) and RSA-PSS only keys (id-RSASSA-PSS OID). Does the RSASSA-PSS mean that both types must be accepted? Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.co.uk/ Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.
- [TLS] PSS and TLS 1.3 Dr Stephen Henson
- Re: [TLS] PSS and TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS and TLS 1.3 Brian Smith
- Re: [TLS] PSS and TLS 1.3 Adam Langley
- Re: [TLS] PSS and TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] PSS and TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS and TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] PSS and TLS 1.3 Martin Thomson
- Re: [TLS] PSS and TLS 1.3 Peter Gutmann
- Re: [TLS] PSS and TLS 1.3 Yoav Nir
- Re: [TLS] PSS and TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS and TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] PSS and TLS 1.3 Ilari Liusvaara