Re: [TLS] Using RSA PSS in TLS
Johannes Merkle <johannes.merkle@secunet.com> Mon, 28 October 2013 12:29 UTC
Santosh Chokhani wrote on 14.10.2013 13:21:
> I was in error in the first place. So, the original question remains of how to tell each other of PSS.

In TLS 1.2, the "signature_algorithms" extension is used to signal the supported / requested signature algorithms by both client and server. In order to support PSS in that extension, a new code point (or several, depending on the PSS parameters to be supported) had to be assigned in the corresponding IANA registry.
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16

IMO it is not necessary to define new cipher suites. The semantics of "RSA" in cipher suites (and KeyExchangeAlgorithm indicated in the server key exchange messages) could be widened to comply with both PKCS#1v1.5 and PSS, and the use of PSS would be defined eligible only if it has been signaled in the "signature_algorithms" extension by the other peer.

Likewise, the semantics of RSA in the certificate_types field in the Certificate Request message could be clarified that an rsa key may refer to SPKI rsaPublicKey (general RSA key) as well as to SPKI id-RSASSA-PSS (PSS key), but that PSS-keys are eligible only if PSS had been listed by the client in the signature_algorithms extension.

Thus, the changes seem limited and backward interoperability would be preserved in the specs.

Although the definition of new code points in the TLS SignatureAlgorithm Registry does not necessarily require a standards track RFC, I am not sure if the change / extension of existing semantics in TLS 1.2 doesn't require the standard track anyway.

Johannes
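The eligibility rule proposed in the message above, sketched as an added example that is not part of the original post or of any TLS implementation. The PSS value 0xE0 is a placeholder from the registry's private-use range, and the function names, local hash policy and sample bytes are assumptions.

```python
import struct

# HashAlgorithm / SignatureAlgorithm values from RFC 5246, section 7.4.1.4.1.
HASH_SHA1, HASH_SHA256 = 2, 4
SIG_RSA = 1  # RSASSA-PKCS1-v1_5
# ASSUMPTION: placeholder from the private-use range (224-255); the message
# names no PSS code point.
SIG_RSA_PSS = 0xE0
LOCAL_HASHES = {HASH_SHA256, 5, 6}  # sha256, sha384, sha512 (assumed local policy)
GENERAL_RSA_KEY, PSS_KEY = "rsaPublicKey", "id-RSASSA-PSS"  # SPKI kinds as named above

def parse_signature_algorithms(ext_data):
    """Decode extension_data into the peer's ordered (hash, signature) pairs."""
    if len(ext_data) < 2:
        raise ValueError("truncated length field")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if list_len == 0 or list_len % 2 or list_len != len(body):
        raise ValueError("malformed supported_signature_algorithms")
    return [(body[i], body[i + 1]) for i in range(0, list_len, 2)]

def select_rsa_signature(ext_data, local_supports_pss=True):
    """Pick the pair to sign with under an "RSA" cipher suite, or None.

    ext_data is None when the peer sent no extension; RFC 5246 then has a
    server behave as if {sha1, rsa} had been sent, so PSS is never chosen.
    """
    if ext_data is None:
        return (HASH_SHA1, SIG_RSA)
    usable = {SIG_RSA, SIG_RSA_PSS} if local_supports_pss else {SIG_RSA}
    for hash_alg, sig_alg in parse_signature_algorithms(ext_data):
        if sig_alg in usable and hash_alg in LOCAL_HASHES:
            return (hash_alg, sig_alg)  # first match in the peer's preference order
    return None

def key_is_eligible(spki_kind, offered):
    """A PSS-only key may be used only if the peer listed PSS."""
    sigs = {sig for _, sig in offered}
    if spki_kind == PSS_KEY:
        return SIG_RSA_PSS in sigs
    return bool(sigs & {SIG_RSA, SIG_RSA_PSS})

# Constructed sample extension_data values (not captured traffic).
LEGACY_PEER = bytes.fromhex("0004" "0401" "0201")            # sha256+rsa, sha1+rsa
PSS_AWARE_PEER = bytes.fromhex("0006" "04e0" "0401" "0201")  # adds sha256+PSS first
```

A peer that never lists the PSS value keeps receiving PKCS#1 v1.5 signatures, which is the backward interoperability the message relies on.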