Re: [TLS] TLS RSA-PSS and various versions of TLS

Dr Stephen Henson <lists@drh-consultancy.co.uk> Tue, 25 April 2017 12:08 UTC


On 18/02/2017 02:31, Dr Stephen Henson wrote:
> 
> Does this apply to RSASSA-PSS (RSA-PSS signing only) keys in end entity
> certificates too?
> 
> For example could a TLS 1.2 server legally present a certificate containing an
> RSASSA-PSS key for an appropriate ciphersuite? Similarly could a client present
> a certificate containing an RSASSA-PSS key?
> 

I can't recall getting a definitive answer to this. IMHO we should make the
requirements clear in the spec, otherwise we could get interop issues.

Based on the opinions stated in this thread that would be:

1. When PSS signatures appear in certificates, MGF digest and signing digest MUST
match and the salt length must equal the digest length.

2. Indicate that the PSS only (id-RSASSA-PSS) and RSA (rsaEncryption) keys MUST
be supported both as server keys and CA keys in certificates.

3. PSS only keys MUST be supported for TLS 1.2 also.

Steve.
-- 
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.
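
Added example, not part of the original message or of OpenSSL: a stdlib-only Python check of DER-encoded RSASSA-PSS-params (RFC 4055) against item 1 of the list above. The function names and the sample encodings are constructed for illustration; only short-form DER lengths are handled, and an unrecognized digest OID raises KeyError.

```python
# Added example, not from the original post. Sample DER values are constructed.
HASHES = {bytes.fromhex(h): v for h, v in {  # OID bytes -> (name, digest length)
    "2b0e03021a": ("sha1", 20), "608648016503040201": ("sha256", 32),
    "608648016503040202": ("sha384", 48), "608648016503040203": ("sha512", 64)}.items()}
ID_MGF1 = bytes.fromhex("2a864886f70d010108")

def tlv(buf, pos=0):  # read one short-form DER TLV -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80 or pos + length > len(buf):
        raise ValueError("long-form or truncated DER length")
    return tag, buf[pos:pos + length], pos + length

def alg_id(der):  # AlgorithmIdentifier -> (OID bytes, encoded parameters)
    tag, body, _ = tlv(der)
    otag, oid, end = tlv(body)
    if tag != 0x30 or otag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return oid, body[end:]

def parse_pss_params(der):
    tag, body, _ = tlv(der)
    if tag != 0x30:
        raise ValueError("RSASSA-PSS-params must be a SEQUENCE")
    # RFC 4055 defaults apply to any field that is absent
    p = {"hash": ("sha1", 20), "mgf_hash": ("sha1", 20), "salt_len": 20}
    pos = 0
    while pos < len(body):
        tag, val, pos = tlv(body, pos)
        if tag == 0xA0:    # [0] hashAlgorithm
            p["hash"] = HASHES[alg_id(val)[0]]
        elif tag == 0xA1:  # [1] maskGenAlgorithm
            oid, inner = alg_id(val)
            if oid != ID_MGF1:
                raise ValueError("mask generation function is not MGF1")
            p["mgf_hash"] = HASHES[alg_id(inner)[0]]
        elif tag == 0xA2:  # [2] saltLength
            p["salt_len"] = int.from_bytes(tlv(val)[1], "big")
    return p

def rule1_violations(der):
    p, out = parse_pss_params(der), []
    (h, hlen), (m, _) = p["hash"], p["mgf_hash"]
    if m != h:
        out.append(f"MGF1 digest {m} != signing digest {h}")
    if p["salt_len"] != hlen:
        out.append(f"salt length {p['salt_len']} != {h} digest length {hlen}")
    return out

GOOD = bytes.fromhex("3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108300d06096086480165030402010500a203020120")
BAD_MGF = bytes.fromhex("3030a00f300d06096086480165030402010500a118301606092a864886f70d010108300906052b0e03021a0500a203020120")
BAD_SALT = GOOD[:-1] + b"\x14"  # GOOD with saltLength changed from 32 to 20
```

An empty parameter SEQUENCE (`30 00`) falls back to the RFC 4055 defaults (SHA-1, MGF1 with SHA-1, salt length 20), which is self-consistent under item 1 even though the digest is SHA-1.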