On Fri, Dec 06, 2019 at 11:09:48AM -0600, Darin Pettis wrote:
> On Thu, Nov 14, 2019 at 4:43 PM Adam Langley <a...@imperialviolet.org> wrote:
> > People on this list who manage large corporate networks may wish to pay
> > attention to this: while you may not have updated servers to TLS 1.3 yet,
> > eventually it'll happen and I suspect some will find a significant amount
> > of things like TPMs, in which you currently have client-certificate keys,
> > which only sign with PKCS#1 v1.5. Without this draft adopted and
> > implemented ahead of time, it's going to be painful.
>
> Adam - Wanted to thank you for the call-out to people on the list managing
> large corporate networks. Looking into the mutual authentication supported
> protocols issue that you and David raised. Will evaluate potential future
> impact.
There are also library issues where the physical device does allow RSA-PSS
(e.g., because they can perform raw RSA root on arbitrary values[1]), but
libraries/drivers do not support it.

One test I just tried:

- Smartcard capable of raw RSA.
- OpenSC PKCS#11 drivers.
- Firefox ESR 68
- Server supports TLS 1.3 (Accept RSA PKCS#1v1.5 client signatures is
  enabled[2]).

Result: Failed. Client hits internal error code SEC_ERROR_LIBRARY_FAILURE [3].

[1] Yeah, not great for security, but some devices are like that.

[2] That option was a hack to make things work with Firefox ESR 52, which did
send RSA PKCS#1v1.5 client signature (scheme 0x0401) in a comparable situation.

[3] My guess would be that browser asks drivers for RSA-PSS, which they do not
support, causing the error.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
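What "the device allows RSA-PSS because it does raw RSA, but the driver doesn't support it" means in practice is that the driver would have to do the EMSA-PSS padding itself and hand the card a bare modular exponentiation. The following is an added example (not Ilari's code, and not OpenSC or NSS code) of exactly that split, in pure Python with no external packages: an EMSA-PSS encoder/verifier per RFC 8017 with SHA-256, MGF1-SHA-256 and salt length equal to the hash length (the parameters TLS 1.3 fixes for rsa_pss_rsae_sha256, code point 0x0804, in contrast to the rsa_pkcs1_sha256 0x0401 scheme mentioned in [2]), wrapped around a `RawRsaToken` class that is a hypothetical stand-in for a smartcard exposing only m^d mod n. The key is generated at run time with a toy Miller-Rabin and the message is a constructed placeholder, not real CertificateVerify content.

```python
import hashlib
import os
import random

HASH = hashlib.sha256
H_LEN = HASH().digest_size  # 32 bytes


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin, adequate for a throwaway test key (toy keygen, not production)."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_raw_rsa_key(bits=1024):
    """Return (n, e, d); 1024 bits only to keep the example fast (needs Python 3.8+)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return n, e, pow(e, -1, phi)


class RawRsaToken:
    """Hypothetical card: holds d and exposes only m^d mod n on any integer m."""
    def __init__(self, n, d):
        self._n, self._d = n, d

    def raw_sign(self, m):
        return pow(m, self._d, self._n)


def mgf1(seed, length):
    """MGF1 with SHA-256 (RFC 8017 appendix B.2.1)."""
    out = b"".join(HASH(seed + c.to_bytes(4, "big")).digest()
                   for c in range((length + H_LEN - 1) // H_LEN))
    return out[:length]


def emsa_pss_encode(message, em_bits, salt=None):
    """RFC 8017 section 9.1.1 with sLen = hLen, as TLS 1.3 requires."""
    em_len = (em_bits + 7) // 8
    salt = os.urandom(H_LEN) if salt is None else salt
    if em_len < H_LEN + len(salt) + 2:
        raise ValueError("encoding error: modulus too short for this hash")
    h = HASH(b"\x00" * 8 + HASH(message).digest() + salt).digest()
    db = b"\x00" * (em_len - len(salt) - H_LEN - 2) + b"\x01" + salt
    masked = bytes(a ^ b for a, b in zip(db, mgf1(h, len(db))))
    top_mask = 0xFF >> (8 * em_len - em_bits)  # zero the bits above emBits
    return bytes([masked[0] & top_mask]) + masked[1:] + h + b"\xbc"


def emsa_pss_verify(message, em, em_bits, s_len=H_LEN):
    """RFC 8017 section 9.1.2; any inconsistency yields False."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < H_LEN + s_len + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top_mask & 0xFF:
        return False
    db = bytes(a ^ b for a, b in zip(masked, mgf1(h, len(masked))))
    db = bytes([db[0] & top_mask]) + db[1:]
    ps_len = em_len - H_LEN - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = db[ps_len + 1:]
    return HASH(b"\x00" * 8 + HASH(message).digest() + salt).digest() == h


def rsa_pss_sign(token, n, message):
    """Driver-side padding, then a single raw private-key op on the card."""
    em = emsa_pss_encode(message, n.bit_length() - 1)
    s = token.raw_sign(int.from_bytes(em, "big"))
    return s.to_bytes((n.bit_length() + 7) // 8, "big")


def rsa_pss_verify(n, e, message, sig):
    k, em_bits = (n.bit_length() + 7) // 8, n.bit_length() - 1
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    m = pow(s, e, n)
    em_len = (em_bits + 7) // 8
    if m.bit_length() > 8 * em_len:  # I2OSP "integer too large" -> invalid
        return False
    return emsa_pss_verify(message, m.to_bytes(em_len, "big"), em_bits)


def demo():
    """Sign and verify; returns (valid, tampered_rejected, salt_is_fresh)."""
    n, e, d = generate_raw_rsa_key()
    card = RawRsaToken(n, d)
    msg = b"constructed stand-in for TLS 1.3 CertificateVerify content"
    sig = rsa_pss_sign(card, n, msg)
    return (rsa_pss_verify(n, e, msg, sig),
            not rsa_pss_verify(n, e, msg + b"x", sig),
            rsa_pss_sign(card, n, msg) != sig)
```

Running `demo()` returns `(True, True, True)`: the PSS signature verifies, a tampered message is rejected, and two signatures over the same bytes differ because PSS salts each one. A PKCS#11 module that only knows `CKM_RSA_PKCS` for this card would fail a TLS 1.3 handshake for the reason [3] suspects, even though nothing in the hardware prevents the computation above; the raw-RSA exposure that makes this possible is also what [1] calls "not great for security", since it lets a caller obtain the private-key operation on any chosen value.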