[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf-tls
Subject:    Re: [TLS] Case for negotiation of PKCS#1.5 RSASSA-PKCS1-v1_5 in TLS 1.3
From:       Benjamin Kaduk <bkaduk () akamai ! com>
Date:       2016-01-26 23:08:25
Message-ID: 56A7FC69.1040601 () akamai ! com
[Download RAW message or body]

On 01/25/2016 01:43 PM, Hubert Kario wrote:
> On Monday 25 January 2016 10:29:18 Benjamin Kaduk wrote:
>> On 01/22/2016 01:14 PM, Hubert Kario wrote:
>>> On Friday 22 January 2016 10:39:26 Andrey Jivsov wrote:
>>> If we don't do it for HS in TLS first, we'll never get rid of it in
>>> X.509 certs. We need to start somewhere, and it's more reasonable to
>>> expect that hardware with support for new protocols will get updated
>>> for RSA-PSS handling than that libraries and hardware will suddenly
>>> start implementing it in droves just in anticipation of the time
>>> when CAs _maybe_ will start issuing certificates signed with RSA-PSS. 
>> Isn't it more a matter of TLS being a consumer of external PKIX
>> infrastructure, the web PKI, etc.?  They are out of the reach of the
>> IETF TLS working group; any requirements we attempted to impose would
>> be unenforceable, even if there was an Internet Police (which there
>> is not).
> TLS will happily use PKCS#1 v1.5 signed X.509 certificates, so how 
> exactly is creating a side effect of increasing the deployment rate of 
> RSA-PSS _in TLS implementations_ an "overreach"?!

There seems to be some confusion here; I am saying it would be an
overreach for us to insist that the X.509 certs we get use PSS.  The
best sense I can make out of this statement is that it is a response to
a claim that requiring PSS for TLS handshakes would be an overreach (it
is not).  Am I confused?

-Ben


[prev in list] [next in list] [prev in thread] [next in thread]