[TLS] PSS for TLS 1.3
Eric Rescorla <ekr@rtfm.com> Sun, 22 March 2015 22:10 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 035A31A3B9C for <tls@ietfa.amsl.com>; Sun, 22 Mar 2015 15:10:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6wTMZGTVsPHj for <tls@ietfa.amsl.com>; Sun, 22 Mar 2015 15:10:13 -0700 (PDT)
Received: from mail-we0-f172.google.com (mail-we0-f172.google.com [74.125.82.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E406A1A1BCD for <tls@ietf.org>; Sun, 22 Mar 2015 15:10:12 -0700 (PDT)
Received: by wegp1 with SMTP id p1so123667313weg.1 for <tls@ietf.org>; Sun, 22 Mar 2015 15:10:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=URGedTMZrLyjqYBoNrehviqj1ZXRXH9R98AWAS9OTuk=; b=S0kZmRRq+2PULqXbukugOOrWPk02rP5741wZuVJSF6PsUrMlI62xAptIh3gi55KRtC ZrQ1mXUfDHNnUYR1pPt6IcO+0QdaOsvK78iH+HsetIkaVHcGvHi7UGb7wrMPnn24sEkl xl4IAXGZ1wpmYNK2KXI28ysDzbzNpS8U0pPYxKSQztzjjAJTTtljoT64WHZtOiPElpg3 WySW1sG9kI80o2iwg+1oVYNUgM8UPzcNoJgxjybDTtpf2e5ouRPW+2LT9gaatkS9rtQG jRidj6tRRsc7S83cnQmPzMkzAetrK3UMKvSn5xnNnj4/LPTsZw+G3XAB+fIKzACHUVqG 6cbw==
X-Gm-Message-State: ALoCoQmy2abXyWLAzeH6FdSesM4CfFyeviN1bWdrliY/7KeuVrA4ug+3vpFBDrk6kh6qnyIrEYhp
X-Received: by 10.194.108.9 with SMTP id hg9mr183045760wjb.68.1427062211727; Sun, 22 Mar 2015 15:10:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.205.198 with HTTP; Sun, 22 Mar 2015 15:09:31 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 22 Mar 2015 15:09:31 -0700
Message-ID: <CABcZeBOeoyggJfma8rvyeRrh6Dw+oSp5P-oUG0MR3ZprBOyUPQ@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="047d7bf10b1c33eefd0511e7d075"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qSyxK_TPyzTPYPkGQtJbfW3rweQ>
Subject: [TLS] PSS for TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2015 22:10:15 -0000
During the interim we discussed discussion about adopting PSS for RSA signatures in TLS 1.3. Clearly, we will not be able to just adopt PSS because certificates will continue to be signed with PKCS#1 1.5. However, we could adopt PSS for signatures outside of the certificate context. Roughly speaking, we have three options: 1. Do not adopt PSS. 2. Adopt PSS as the only signature format for non-certificate signatures (but require acceptance of PKCS#1 1.5 for certificates) 3. Negotiate the use of PSS versus PKCS#1 1.5 Obviously, if we want to move to PSS, option #2 is simplest, but the sentiment at the interim was to survey the WG to see whether there was widespread enough support for generating and verifying PSS to make this feasible [0]. Please use this thread to discuss. -Ekr [0] FWIW, this doesn't appear to be a problem for NSS.
- [TLS] PSS for TLS 1.3 Eric Rescorla
- Re: [TLS] PSS for TLS 1.3 Brian Smith
- Re: [TLS] PSS for TLS 1.3 Eric Rescorla
- Re: [TLS] PSS for TLS 1.3 Peter Bowen
- Re: [TLS] PSS for TLS 1.3 Hanno Böck
- Re: [TLS] PSS for TLS 1.3 Nikos Mavrogiannopoulos
- Re: [TLS] PSS for TLS 1.3 Eric Rescorla
- Re: [TLS] PSS for TLS 1.3 Salz, Rich
- Re: [TLS] PSS for TLS 1.3 Russ Housley
- Re: [TLS] PSS for TLS 1.3 Russ Housley
- Re: [TLS] PSS for TLS 1.3 Paterson, Kenny
- Re: [TLS] PSS for TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS for TLS 1.3 Martin Rex
- Re: [TLS] PSS for TLS 1.3 Ilari Liusvaara
- Re: [TLS] PSS for TLS 1.3 Russ Housley