On Fri, 15 Dec 2017 11:47:54 -0500 Kathleen Moriarty <kathleen.moriarty.i...@gmail.com> wrote:
> Is there a reason why a migration to PKCS #1 v2.2 doesn't help for TLS
> 1.2 and prior? I haven't noticed any discussion on that previously. Is
> it just the code base and not those using it being unwilling to
> upgrade supporting libraries?

It depends... particularly if we talk about encryption or signatures.

With Bleichenbacher attacks there are plenty of cross-protocol attack
possibilities; this was one of the papers at the TRON workshop:
https://www.nds.rub.de/media/nds/veroeffentlichungen/2015/08/21/Tls13QuicAttacks.pdf

While I believe we certainly can't get rid of PKCS #1 1.5 signatures any
time soon, I think we can get rid of PKCS #1 1.5 encryption (at least on
the server side for HTTPS). The number of legit connections is really
low. If you run servers please check if you can do that.

(I'm also considering writing an RSA-kex-diediedie RFC when I find time
for it.)

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
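The distinction Hanno draws, RSA used only for signatures (ECDHE_RSA, DHE_RSA) versus RSA used to encrypt the premaster secret with PKCS #1 v1.5 (static RSA key exchange), is visible directly in IANA cipher-suite names, where the token after `TLS_` names the key exchange. The following audit script is an added example, not code from the post or from any TLS implementation; it classifies a configured suite list and reports which suites still carry an RSA-encrypted premaster secret and so should be dropped. The sample configuration is constructed for illustration, and the TLS 1.3 suites (no `_WITH_` in the name) are treated as never using static RSA, which is correct for that protocol version.

```python
"""Audit a TLS 1.2 cipher-suite list for static RSA key exchange.

Added example, not code from the mailing-list post. Static RSA key
exchange encrypts the premaster secret under PKCS #1 v1.5, the
operation targeted by Bleichenbacher-style attacks; ECDHE_RSA and
DHE_RSA suites use RSA only for signatures and are not affected by
removing RSA key exchange.
"""
import re

# IANA names have the form TLS_<kex>[_<auth>]_WITH_<cipher>_<mac>.
# Key-exchange tokens that RSA-encrypt the premaster secret:
#   RSA        - static RSA key exchange
#   RSA_PSK    - PSK combined with static RSA key exchange
#   RSA_EXPORT - legacy export-grade static RSA
STATIC_RSA_KEX = {"RSA", "RSA_PSK", "RSA_EXPORT"}

# Non-greedy so "ECDHE_RSA" is captured whole in TLS_ECDHE_RSA_WITH_...
IANA_RE = re.compile(r"^TLS_(?P<kex>[A-Z0-9_]+?)_WITH_")


def uses_rsa_key_exchange(suite: str) -> bool:
    """True if the suite's key exchange RSA-encrypts the premaster secret.

    TLS 1.3 suite names (e.g. TLS_AES_128_GCM_SHA256) carry no key-exchange
    token and never use static RSA, so they return False.
    """
    if not suite.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {suite!r}")
    m = IANA_RE.match(suite)
    if m is None:
        return False  # TLS 1.3 suite or signalling value such as *_SCSV
    return m.group("kex") in STATIC_RSA_KEX


def audit(suites):
    """Split a suite list into (keep, drop): drop holds static-RSA suites."""
    keep, drop = [], []
    for suite in suites:
        (drop if uses_rsa_key_exchange(suite) else keep).append(suite)
    return keep, drop


# Constructed sample configuration, as a server operator might have it.
SAMPLE_CONFIG = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",        # static RSA: drop
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # RSA signature only: keep
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",    # RSA signature only: keep
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",          # static RSA: drop
    "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",       # static RSA + PSK: drop
    "TLS_DH_RSA_WITH_AES_128_CBC_SHA",        # static DH, RSA-signed cert: keep
    "TLS_AES_256_GCM_SHA384",                 # TLS 1.3: keep
]

if __name__ == "__main__":
    keep, drop = audit(SAMPLE_CONFIG)
    print("Suites using RSA key exchange (candidates for removal):")
    for s in drop:
        print("  ", s)
    print("Suites that remain:")
    for s in keep:
        print("  ", s)
```

The same filter expressed in OpenSSL cipher-string syntax is `!kRSA` (the `kRSA` keyword selects RSA key-exchange suites), which is how an HTTPS server built on OpenSSL would implement the change the post recommends; the script above is for reviewing a suite list independently of any particular library.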