[TLS] PSS and TLS 1.3

Dr Stephen Henson <lists@drh-consultancy.co.uk> Fri, 20 January 2017 17:43 UTC

To: "tls@ietf.org list" <tls@ietf.org>
From: Dr Stephen Henson <lists@drh-consultancy.co.uk>
Date: Fri, 20 Jan 2017 17:43:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/mfG7wlhksmq2oom2v79bOPFePCo>

Draft 18 says:

   RSASSA-PSS algorithms  Indicates a signature algorithm using RSASSA-
      PSS [RFC3447] with MGF1.  The digest used in the mask generation
      function and the digest being signed are both the corresponding
      hash algorithm as defined in [SHS].  When used in signed TLS
      handshake messages, the length of the salt MUST be equal to the
      length of the digest output.  This codepoint is defined for use
      with TLS 1.2 as well as TLS 1.3.

What are the requirements for certificates when RSASSA-PSS is used?

The text above indicates the salt length for TLS messages. There are no
restrictions placed on certificate signature salt lengths. Does this mean that
any valid salt length (from 0 to the maximum permitted) must be supported?

Additionally, PSS signatures (see RFC4055) can be used with RSA keys
(rsaEncryption OID) and RSA-PSS only keys (id-RSASSA-PSS OID). Does the
RSASSA-PSS mean that both types must be accepted?

Steve.
-- 
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.
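
The salt-length question above, as an added example that is not part of the original message and not OpenSSL code: the sketch works at the EMSA-PSS encoding level (RFC 3447 section 9.1, no RSA operation) and shows that a verifier can recover the salt length from the encoded message, then either pin it to the digest length or accept any valid length. The function names and the two policy labels are hypothetical.

```python
import hashlib, hmac, os

def mgf1(seed, length, hash_name):
    """MGF1 mask generation, using the same digest as the signature."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def pss_encode(msg, em_bits, salt_len, hash_name="sha256"):
    """EMSA-PSS-ENCODE; em_bits is modulus bits - 1 (2047 for RSA-2048)."""
    m_hash = hashlib.new(hash_name, msg).digest()
    h_len, em_len = len(m_hash), (em_bits + 7) // 8
    if em_len < h_len + salt_len + 2:
        raise ValueError("salt too long for this modulus")
    salt = os.urandom(salt_len)
    h = hashlib.new(hash_name, bytes(8) + m_hash + salt).digest()
    db = bytes(em_len - salt_len - h_len - 2) + b"\x01" + salt  # PS || 0x01 || salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(h, len(db), hash_name)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)
    return bytes(masked) + h + b"\xbc"

def pss_salt_len(msg, em, em_bits, hash_name="sha256"):
    """Return the salt length of a valid encoding, or None if EM is invalid."""
    m_hash = hashlib.new(hash_name, msg).digest()
    h_len, em_len = len(m_hash), (em_bits + 7) // 8
    top = 0xFF >> (8 * em_len - em_bits)
    if len(em) != em_len or em_len < h_len + 2 or em[-1] != 0xBC:
        return None
    masked, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    if masked[0] & ~top & 0xFF:          # unused top bits must be zero
        return None
    db = bytearray(a ^ b for a, b in zip(masked, mgf1(h, len(masked), hash_name)))
    db[0] &= top
    rest = bytes(db).lstrip(b"\x00")     # skip the all-zero padding PS
    if not rest.startswith(b"\x01"):     # separator marks where the salt begins
        return None
    salt = rest[1:]
    expected = hashlib.new(hash_name, bytes(8) + m_hash + salt).digest()
    return len(salt) if hmac.compare_digest(h, expected) else None

def accept(msg, em, em_bits, policy, hash_name="sha256"):
    """'handshake': salt length must equal the digest length (the quoted rule
    for signed TLS handshake messages). 'any': every valid length, 0 to max."""
    s_len = pss_salt_len(msg, em, em_bits, hash_name)
    if s_len is None:
        return False
    return policy == "any" or s_len == hashlib.new(hash_name).digest_size
```

For a 2048-bit modulus with SHA-256 the valid salt lengths run from 0 to 222 octets, so a certificate verifier using the "any" policy has to handle the whole range, while the "handshake" policy accepts only 32.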