On Monday, 19 July 2021 21:37:08 CEST, Peter Gutmann wrote:
> Hubert Kario <hka...@redhat.com> writes:
>
>> It only doesn't matter if you don't want to verify the certificate...
>> It's one thing to be able to verify an RSA-PSS signature on TLS
>> level, it's entirely another to be able to properly handle all the
>> different RSA-PSS limitations when using it in SPKI in X.509.
>
> Is there anything that's jumped through all the hoops to implement the
> complex mess that is PSS but then not added the few lines of code you need
> to verify it in certificates? And if so, why?

I suggest you go back to the RFCs and check exactly what is needed for proper
handling of RSA-PSS Subject Public Key type in X.509. Specifically when the
"parameters" field is present.

You definitely won't be able to implement it in just "few lines".

> In any case it's still encoding a minor implementation artefact of the
> certificate library being used into the TLS protocol, where it has
> absolutely no place. You either do PSS or you don't, and the TLS layer
> doesn't need to know what magic number you use to identify it in
> certificates.

1. It's not minor
2. "What certificates can peer accept" is totally within the purview of
   TLS.

It's like that for Raw keys, it's like that for GPG certificates, it's
like that for RSA vs ECDSA vs DSA certificates, and now it's also for
RSA-PSS.
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
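
The "parameters" restriction mentioned in the message above, as an added example that is not part of the original email or of any TLS library: it checks a signature's PSS parameters against those pinned in an id-RSASSA-PSS key and derives which TLS 1.3 `rsa_pss_pss_*` schemes such a key can sign with. It assumes the matching rules of RFC 4055 section 3 (same hash, same MGF1 hash, same trailer field, signature salt length at least the key's) and the RFC 8446 rule that the salt length equals the digest length; `PSSParams`, `check_against_key` and `usable_tls13_schemes` are hypothetical names, and the parameter sets are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

DIGEST_LEN = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}


@dataclass(frozen=True)
class PSSParams:
    # Field defaults mirror the DEFAULT values of RSASSA-PSS-params (RFC 4055).
    hash_alg: str = "sha1"
    mgf_hash: str = "sha1"   # hash used inside MGF1
    salt_length: int = 20
    trailer_field: int = 1


def check_against_key(key: Optional[PSSParams], sig: PSSParams) -> List[str]:
    """Return the reasons sig's parameters violate the key's restrictions."""
    if key is None:          # parameters absent in SPKI: key is unrestricted
        return []
    problems = []
    if sig.hash_alg != key.hash_alg:
        problems.append(f"hash {sig.hash_alg} != key hash {key.hash_alg}")
    if sig.mgf_hash != key.mgf_hash:
        problems.append(f"MGF1 hash {sig.mgf_hash} != key MGF1 hash {key.mgf_hash}")
    if sig.salt_length < key.salt_length:
        problems.append(f"salt {sig.salt_length} < key minimum {key.salt_length}")
    if sig.trailer_field != key.trailer_field:
        problems.append("trailer field differs from key")
    return problems


def usable_tls13_schemes(key: Optional[PSSParams]) -> List[str]:
    """TLS 1.3 rsa_pss_pss_* schemes a certificate key is allowed to sign with."""
    usable = []
    for h in ("sha256", "sha384", "sha512"):
        # TLS 1.3 fixes MGF1 to the same digest and the salt to the digest length.
        tls_params = PSSParams(h, h, DIGEST_LEN[h], 1)
        if not check_against_key(key, tls_params):
            usable.append("rsa_pss_pss_" + h)
    return usable


if __name__ == "__main__":
    # Constructed key parameter sets, as they might be decoded from an SPKI.
    for label, key in [("no parameters", None),
                       ("sha256, salt>=32", PSSParams("sha256", "sha256", 32)),
                       ("sha256, salt>=64", PSSParams("sha256", "sha256", 64)),
                       ("all defaults (sha1)", PSSParams())]:
        print(f"{label:22} -> {usable_tls13_schemes(key)}")
```

A key whose parameters pin SHA-1, or demand a salt longer than the digest, ends up with no usable TLS 1.3 scheme at all, which a check on the key type alone would not reveal.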