[cabfpub] RSA-PSS in TLS 1.3
Ryan Sleevi
sleevi at google.com
Tue Mar 1 13:54:23 MST 2016
NSS doesn't support them, so that's a decent chunk of Firefox and Chrome
(OS, Linux, iOS) users.
On Tue, Mar 1, 2016 at 12:52 PM, Rick Andrews <Rick_Andrews at symantec.com>
wrote:
> Peter, no, nothing in the BRs forbids PSS. For all I know there may be CAs
> issuing certs with PSS signatures. But I don't think anyone has done a
> survey of browser and server support.
>
> -Rick
>
> > On Mar 1, 2016, at 12:49 PM, Peter Bowen <pzb at amzn.com> wrote:
> >
> > Rick,
> >
> > One clarification related specifically to CA/Browser Forum:
> >
> > I do not see anything in the BRs that requires or forbids RSASSA-PSS.
> Is there anything that prevents public CAs from issuing certificates with
> RSASSA-PSS (e.g RFC 4055/5756) signatures?
> >
> > Thanks,
> > Peter
> >
> >> On Mar 1, 2016, at 12:12 PM, Rick Andrews <rick_andrews at symantec.com>
> wrote:
> >>
> >> I'm cross-posting in case others want to participate in this discussion
> on
> >> the IETF TLS Working Group. They're having a debate on whether TLS 1.3
> >> should allow or require RSA-PSS signatures on TLS certificates.
> >>
> >> It would be better to have the debate there instead of here, but I will
> >> cross-post if anyone has a burning need to share but not join the WG.
> >>
> >> -Rick
> >>
> >> ----------------------------------------------------------------------
> >>
> >> Message: 1
> >> Date: Tue, 1 Mar 2016 21:20:39 +0200
> >> From: Yoav Nir <ynir.ietf at gmail.com>
> >> To: Alyssa Rowan <akr at akr.io>
> >> Cc: tls at ietf.org
> >> Subject: Re: [TLS] RSA-PSS in TLS 1.3
> >> Message-ID: <BBA8149E-114A-49D3-8159-A87ADB545482 at gmail.com>
> >> Content-Type: text/plain; charset=utf-8
> >>
> >>
> >> On 1 Mar 2016, at 8:23 PM, Alyssa Rowan <akr at akr.io> wrote:
> >>
> >>>> [YN] It would be cool to ban PKCS#1.5 from certificates, but we are
> >>>> not the PKIX working group. Nor are we the CA/Browser forum.
> >>>> When a CA issues a certificate it has to work with every client and
> >>>> server out there, When we use TLS 1.3, the other side supports TLS
> >>>> 1.3 as well, so it?s fair to assume that it knows PSS.
> >>>
> >>> Perhaps the PKIX working group and CAB/Forum could both use a friendly
> >>> reminder not to ignore how perilous using RSA PKCS#1 v1.5 still
> remains?
> >>
> >> Neither you nor I can post in any of the CA/Browser forum?s lists,
> because
> >> neither of us has either a browser or a public CA.
> >>
> >> There are some people who are active there and are reading this list, so
> >> they might take such a proposal there. I?m not very optimistic, though.
> >> While only CAs and browsers are members, they are keenly aware that
> even the
> >> public CAs have a wide variety of relying parties, running all sorts of
> >> software. And it?s much harder to scan clients than it is to scan
> servers,
> >> so it?s difficult to say how many clients will not be able to connect
> to a
> >> server with a certificate signed with RSA-PSS. Probably far too many
> for the
> >> CA/BF to be comfortable deprecating PKCS#1.
> >>
> >> The PKIX working group has shut down several years ago. The Curdle WG
> is a
> >> new working group whose charter includes deprecating obsolete stuff.
> Perhaps
> >> they might be interested.
> >>
> >> Yoav
> >>
> >>
> >> _______________________________________________
> >> Public mailing list
> >> Public at cabforum.org
> >> https://cabforum.org/mailman/listinfo/public
> >
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20160301/5fa1013b/attachment-0001.html
More information about the Public
mailing list