On Mar 1, 2016 10:23 AM, "Alyssa Rowan" <[email protected]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-03-01 11:35, Yoav Nir wrote:
>
> >>> [HB] We have an RFC for PSS since 2003. We had several attacks
> >>> showing the weakness of PKCS #1 1.5.
>
> And so (maybe not entirely coincidentally!): another attack, dubbed
> DROWN, just emerged¹, using SSLv2 as - you guessed it - a
> Bleichenbacher padding oracle against RSA PKCS#1 v1.5!

PSS doesn't help against Bleichenbacher attacks on encryption. The attack
still can compute a private key operation.

What we really need is key separation or use of ECC certs only.

>
> (Please do stop me if you've heard this one before! <g>)
>
> >> [AJ] Why not ban PKCS #1.5 altogether from TLS 1.3? It will not
> >> only make TLS 1.3 more secure, but code simpler and footprint
> >> smaller. Besides, it's reasonable: TLS 1.2 already allows PSS in
> >> X.509
>
> A very strong +1 as far as I'm concerned.
>
> > [YN] It would be cool to ban PKCS#1.5 from certificates, but we
> > are not the PKIX working group. Nor are we the CA/Browser forum.
> > When a CA issues a certificate it has to work with every client
> > and server out there. When we use TLS 1.3, the other side supports
> > TLS 1.3 as well, so it’s fair to assume that it knows PSS.
>
> Perhaps the PKIX working group and CAB/Forum could both use a friendly
> reminder not to ignore how perilous using RSA PKCS#1 v1.5 still remains?
> ___
> [1] <https://drownattack.com/drown-attack-paper.pdf>
>
> - --
> /akr
> -----BEGIN PGP SIGNATURE-----
>
> iQIcBAEBCgAGBQJW1d4SAAoJEOyEjtkWi2t6kIQP/2Ziaeu2RGqHqV1Oa6dB0+Go
> iPbrrHe9C7l7yHxWfhur6ldGUnqAKyzhD5X0RHby0lbpXTcBFQjWPQ3shZE8CUV2
> mM4N2UyoAu5w1kOkSvHImeWrtdOPDTBTZhwFJjzEHtLkri6+CXzKE82B94WfhX8/
> ddQxg9uaV7eDEcW4um+vn0NG/+IuiJvfVTX7YtNj0yVSvEO7bm6/WRHsWV0FaQ+C
> HtNawk+KP966PLUPH1N6vBvhNpiZkMtv3QUsKbzAQDn8SPfXHWGy2CBxPLjtIv2w
> dTmY9dOxJsc7KswtM7DJQqx7azgeGAlLc8MV1PyXw1fIq2qtVI4Fk1+DNrMteC5B
> cNkez/nPwR01FFj3QV5OnbpcqIX1v9nmGrpDuFw+99xcMjgRrSRc3boclV8/H0PA
> k8XllkgmXj75TkqSkPV1YXVwOJAT65Uwke7tKHf4TwXSwz+qZVji+y8ZqZ7ACs2/
> Pp3IrlNLuJUmFjE+p8zhhEQU6fQjEdkAxT/3KY8/1nKxlXByFVHu1p1jZk7aWBtw
> aSEDLCI4XKKAJ118yXRtHXxA7LGNujsBYCoSp1A4Rkce57Ea7iuVd4pmctbMgiTA
> g3UAb7cE4NflzRyQd1Gbycu6wenovj9bOD4HRdTuADRdfGpXv8HMEG+eOUuE7DHx
> Af4y+IDpfW7HTraWjiKX
> =iX03
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
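The reply above argues that PSS does not help when an RSA key can be driven through a PKCS#1 v1.5 decryption oracle (as DROWN does via SSLv2), because a PSS signature is the same private-key operation, and that the real fix is key separation or ECC-only certificates. The following is an added example, not code from the thread or from any TLS implementation: a small Python audit over a constructed endpoint inventory that flags any RSA key presented both by an endpoint that performs RSA key transport (SSLv2, or static-RSA cipher suites) and by an endpoint that uses the same key to sign handshakes (TLS 1.3 CertificateVerify, or (EC)DHE ServerKeyExchange). The `Endpoint` record, the field names, the fingerprint strings and the hostnames are all assumptions of this example.

```python
"""Key-separation audit over a constructed TLS endpoint inventory.

Added example for the thread above; not code from the IETF TLS list or from
any TLS stack. The Endpoint record and INVENTORY below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    host: str
    versions: frozenset        # protocol versions the endpoint accepts
    rsa_key_transport: bool    # offers static-RSA key exchange (server decrypts premaster)
    ephemeral_kx: bool         # offers (EC)DHE suites (server signs ServerKeyExchange)
    key_type: str              # "RSA" or "EC"
    spki_fingerprint: str      # fingerprint of the key in the presented certificate


def exposes_rsa_decryption(ep: Endpoint) -> bool:
    """True if this endpoint performs PKCS#1 v1.5 decryption with its key.

    SSLv2 has only RSA key transport, so any SSLv2 listener qualifies, as does
    any endpoint offering static-RSA suites. This is where a Bleichenbacher-style
    oracle against the key would sit, regardless of how other endpoints behave.
    """
    if ep.key_type != "RSA":
        return False
    return ep.rsa_key_transport or "SSLv2" in ep.versions


def uses_key_for_signing(ep: Endpoint) -> bool:
    """True if this endpoint signs handshakes with its certificate key.

    TLS 1.3 always signs (CertificateVerify); earlier versions sign whenever an
    (EC)DHE suite is negotiated. A raw private-key operation obtained from a
    decryption oracle forges exactly these signatures, PSS or not.
    """
    return "TLS1.3" in ep.versions or ep.ephemeral_kx


def audit(inventory):
    """Group endpoints by key; report RSA keys that are a decryption target
    somewhere and a signing key somewhere (possibly on the same host)."""
    by_key = defaultdict(list)
    for ep in inventory:
        by_key[ep.spki_fingerprint].append(ep)
    findings = []
    for fp, eps in sorted(by_key.items()):
        decrypting = sorted(e.host for e in eps if exposes_rsa_decryption(e))
        signing = sorted(e.host for e in eps if uses_key_for_signing(e))
        if decrypting and signing:
            findings.append({"key": fp, "decrypting": decrypting, "signing": signing})
    return findings


# Constructed sample inventory (hostnames and fingerprints are placeholders).
INVENTORY = [
    # Modern web server, TLS 1.2/1.3 with ephemeral suites only, key A.
    Endpoint("www.example.test", frozenset({"TLS1.2", "TLS1.3"}), False, True, "RSA", "rsa-key-A"),
    # Forgotten SSLv2-capable mail relay reusing the same key A (the DROWN pattern).
    Endpoint("legacy-mail.example.test", frozenset({"SSLv2", "SSLv3", "TLS1.0"}), True, False, "RSA", "rsa-key-A"),
    # EC certificate: cannot perform RSA decryption at all, never flagged.
    Endpoint("api.example.test", frozenset({"TLS1.2", "TLS1.3"}), False, True, "EC", "ec-key-B"),
    # Single host offering both static-RSA and ECDHE suites with key C.
    Endpoint("old-api.example.test", frozenset({"SSLv3", "TLS1.0"}), True, True, "RSA", "rsa-key-C"),
    # RSA key D used only for signing: no decryption exposure anywhere.
    Endpoint("vpn.example.test", frozenset({"TLS1.2"}), False, True, "RSA", "rsa-key-D"),
]


if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"key {f['key']}: decrypted by {f['decrypting']}, signs for {f['signing']}")
        print("  remediation: separate signing and key-transport keys, or move to an EC certificate")
```

The check is deliberately per key rather than per host: the DROWN case (`rsa-key-A`) is invisible if each server is assessed in isolation, because the modern server is clean on its own. The `rsa-key-C` finding shows the same problem on a single host that still offers static-RSA suites beside ECDHE ones. An EC key never appears in a finding, which is the "ECC certs only" option from the reply.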