Re: [TLS] Case for negotiation of PKCS#1.5 RSASSA-PKCS1-v1_5 in TLS 1.3

Benjamin Kaduk <bkaduk@akamai.com> Tue, 26 January 2016 23:08 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C84D71B32E5 for <tls@ietfa.amsl.com>; Tue, 26 Jan 2016 15:08:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JSH_iKwLaxFQ for <tls@ietfa.amsl.com>; Tue, 26 Jan 2016 15:08:27 -0800 (PST)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [23.79.238.175]) by ietfa.amsl.com (Postfix) with ESMTP id 0210A1B32E3 for <tls@ietf.org>; Tue, 26 Jan 2016 15:08:26 -0800 (PST)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id E53A9433401; Tue, 26 Jan 2016 23:08:25 +0000 (GMT)
Received: from prod-mail-relay10.akamai.com (prod-mail-relay10.akamai.com [172.27.118.251]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id CC09A4F0CD; Tue, 26 Jan 2016 23:08:25 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1453849705; bh=72tUeU4c777vReDUDvqXa7zOHKRII94obTROkk6BEKI=; l=1466; h=To:References:From:Date:In-Reply-To:From; b=sFsfTn9Rrgz5BnOoltKwfxAfcl6VPjWVHL2CJ3JdK1fEncduujx/RAfbrkryC1Hwx wqcs01tXFfdzESehT20aAXXcPO5i/pnRnYof9VQ4brtq1dyiRpQvMxptXazMOMynKN kxXsxluYd+Lkki8t85iVXGGkOr87XtcTdr1MgDsw=
Received: from [172.19.0.25] (bos-lpczi.kendall.corp.akamai.com [172.19.0.25]) by prod-mail-relay10.akamai.com (Postfix) with ESMTP id 9888B2030; Tue, 26 Jan 2016 23:08:25 +0000 (GMT)
To: Hubert Kario <hkario@redhat.com>, tls@ietf.org
References: <56A192FC.4060206@brainhub.org> <35455210.tz7m1zDUF6@pintsize.usersys.redhat.com> <56A64D5E.7090104@akamai.com> <3922672.SasYckhRS6@pintsize.usersys.redhat.com>
From: Benjamin Kaduk <bkaduk@akamai.com>
Message-ID: <56A7FC69.1040601@akamai.com>
Date: Tue, 26 Jan 2016 17:08:25 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <3922672.SasYckhRS6@pintsize.usersys.redhat.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/vfo97hEAA3unSFtOzNDoqsP0KK4>
Subject: Re: [TLS] Case for negotiation of PKCS#1.5 RSASSA-PKCS1-v1_5 in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 23:08:29 -0000

On 01/25/2016 01:43 PM, Hubert Kario wrote:
> On Monday 25 January 2016 10:29:18 Benjamin Kaduk wrote:
>> On 01/22/2016 01:14 PM, Hubert Kario wrote:
>>> On Friday 22 January 2016 10:39:26 Andrey Jivsov wrote:
>>> If we don't do it for HS in TLS first, we'll never get rid of it in
>>> X.509 certs. We need to start somewhere, and it's more reasonable to
>>> expect that hardware with support for new protocols will get updated
>>> for RSA-PSS handling than that libraries and hardware will suddenly
>>> start implementing it in droves just in anticipation of the time
>>> when CAs _maybe_ will start issuing certificates signed with RSA-PSS. 
>> Isn't it more a matter of TLS being a consumer of external PKIX
>> infrastructure, the web PKI, etc.?  They are out of the reach of the
>> IETF TLS working group; any requirements we attempted to impose would
>> be unenforceable, even if there was an Internet Police (which there
>> is not).
> TLS will happily use PKCS#1 v1.5 signed X.509 certificates, so how 
> exactly is creating a side effect of increasing the deployment rate of 
> RSA-PSS _in TLS implementations_ an "overreach"?!

There seems to be some confusion here; I am saying it would be an
overreach for us to insist that the X.509 certs we get use PSS.  The
best sense I can make out of this statement is that it is a response to
a claim that requiring PSS for TLS handshakes would be an overreach (it
is not).  Am I confused?

-Ben