On Saturday, 7 December 2019 11:20:17 CET, Ilari Liusvaara wrote:
On Fri, Dec 06, 2019 at 11:09:48AM -0600, Darin Pettis wrote:
On Thu, Nov 14, 2019 at 4:43 PM Adam Langley <a...@imperialviolet.org> wrote:
People on this list who manage large corporate networks may wish to pay
attention to this: while you may not have updated servers to TLS 1.3 yet,
eventually it'll happen and I suspect some will find a significant amount
of things like TPMs, in which you currently have client-certificate keys,
which only sign with PKCS#1 v1.5. Without this draft adopted and ...

Adam - Wanted to thank you for the call-out to people on the list managing
large corporate networks. Looking into the mutual authentication supported
protocols issue that you and David raised.  Will evaluate potential future
impact.

There are also library issues where the physical device does allow
RSA-PSS (e.g., because they can perform raw RSA root on arbitrary
values[1]), but libraries/drivers do not support it.

One test I just tried:

- Smartcard capable of raw RSA.
- OpenSC PKCS#11 drivers.
- Firefox ESR 68
- Server supports TLS 1.3 (Accept RSA PKCS#1v1.5 client signatures is
  enabled[2]).

Result: Failed. Client hits internal error code SEC_ERROR_LIBRARY_FAILURE
[3].

That doesn't match my understanding of how NSS works – AFAIK, NSS (and as
such, Firefox), will try both raw RSA and rsa-pss signatures with the token,
depending on what kind of algorithms the token advertises. I think the issue
was the old version of OpenSC; new versions can do rsa-pss with rsa-raw:
https://bugzilla.redhat.com/show_bug.cgi?id=1595626
https://github.com/OpenSC/OpenSC/pull/1435

[1] Yeah, not great for security, but some devices are like that.

[2] That option was a hack to make things work with Firefox ESR 52,
which did send RSA PKCS#1v1.5 client signature (scheme 0x0401) in
comparable situation.

[3] My guess would be that browser asks drivers for RSA-PSS, which they
do not support, causing the error.

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
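
An added example of the "rsa-pss with rsa-raw" approach mentioned in the reply above (not code from the thread, OpenSC or NSS): the host computes the EMSA-PSS encoding of RFC 8017 in software and asks the token only for an unpadded RSA private-key operation. The toy key built from two Mersenne primes, all function names and the token_raw_rsa stand-in are constructed for this example; SHA-256 with a 32-byte salt is assumed.

```python
import hashlib, hmac, os

# Constructed toy key built from two Mersenne primes: demo only, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8              # modulus length in bytes
EM_BITS = N.bit_length() - 1               # emBits = modBits - 1 (RFC 8017 8.1.1)
EM_LEN = (EM_BITS + 7) // 8
HLEN = SLEN = 32                           # SHA-256, salt length equal to hash length
TOP_MASK = 0xFF >> (8 * EM_LEN - EM_BITS)  # bits of the first EM byte that may be set
PS = b"\0" * (EM_LEN - SLEN - HLEN - 2) + b"\x01"  # padding that precedes the salt

def mgf1(seed, n):
    out = b""
    for c in range(-(-n // HLEN)):         # ceil(n / HLEN) counter blocks
        out += hashlib.sha256(seed + c.to_bytes(4, "big")).digest()
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def m_prime_hash(msg, salt):
    return hashlib.sha256(b"\0" * 8 + hashlib.sha256(msg).digest() + salt).digest()

def pss_encode(msg, salt=None):
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1), computed on the host in software."""
    salt = os.urandom(SLEN) if salt is None else salt
    h = m_prime_hash(msg, salt)
    masked = bytearray(xor(PS + salt, mgf1(h, EM_LEN - HLEN - 1)))
    masked[0] &= TOP_MASK
    return bytes(masked) + h + b"\xbc"

def token_raw_rsa(block):
    """Stand-in (hypothetical) for the token's unpadded private-key operation."""
    return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def sign_pss_via_raw(msg, salt=None):
    return token_raw_rsa(pss_encode(msg, salt).rjust(K, b"\0"))

def verify_pss(msg, sig):
    """RSASSA-PSS-VERIFY using only the public key (N, E)."""
    s = int.from_bytes(sig, "big")
    m = pow(s, E, N)
    if len(sig) != K or s >= N or m.bit_length() > 8 * EM_LEN:
        return False
    em = m.to_bytes(EM_LEN, "big")
    masked, h = em[:-HLEN - 1], em[-HLEN - 1:-1]
    if em[-1] != 0xBC or masked[0] & ~TOP_MASK & 0xFF:
        return False
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= TOP_MASK
    return bytes(db[:len(PS)]) == PS and hmac.compare_digest(h, m_prime_hash(msg, bytes(db[-SLEN:])))
```

The token never sees the PSS parameters here, which is why a device that offers only raw RSA can still produce a PSS signature when the driver does the encoding.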
