Tech Corner: SP 800-56B and RSAES-PKCS1-v1.5 Update
Near the end of 2017, NIAP issued and later retracted
Labgram #106. This Labgram warned that RSAES-PKCS1-v1.5 would be disallowed by
NIST after 2017, which meant that it would also be disallowed by NIAP after 2017
in CC evaluations. The Labgram was retracted because NIST delayed the
publication of its update to NIST SP 800-56B, which would effectively disallow RSAES-PKCS1-v1.5-based
key establishment schemes.
In practice, this disallowance meant that all TLS
ciphersuites starting with TLS_RSA_* would be disallowed for use with TLS v1.2
and earlier. This is a large set of commonly supported TLS ciphersuites.
Removing them from use would leave only the DH and ECDH-based ciphersuites
available for use in TLS.
This update is just to inform you that RSAES-PKCS1-v1.5 is
still allowed by NIST and NIAP. We hope to receive updated information from
NIST on the SP 800-56B revision at the ICMC conference May 8-11, 2018 in
Ontario, Canada.
In the meantime, please be proactive and prepare your
products for the eventual disallowance of RSAES-PKCS1-v1.5 and its associated
TLS ciphersuites. Also note that the new TLS 1.3 standard has removed support
for the static RSA and DH ciphersuites in favor of DHE/ECDHE, pre-shared keys
(PSKs), and PSKs with DHE/ECDHE. Thus, static RSA and DH ciphersuites will eventually
become a thing of the past in TLS, as will the DSA, MD5, and SHA-224
algorithms.
~Scott Chapman
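
One way to start that preparation, added here as an example and not part of the original post: the Python below classifies a product's configured suites by key exchange using their IANA names and lists what survives once RSA key transport is removed. The sample list and the function names are assumptions made for the illustration.

```python
# Added example: sort configured TLS suites (IANA names) by key exchange.
SAMPLE_CONFIG = [  # constructed sample, not taken from any product
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]


def key_exchange_class(suite):
    """Classify one suite by how the shared secret is established."""
    if not suite.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {suite!r}")
    if suite.endswith("_SCSV"):
        return "signalling"          # not a real cipher suite
    if "_WITH_" not in suite:
        return "tls13"               # TLS 1.3 names carry no key exchange
    kx = suite[4:].split("_WITH_", 1)[0]   # "RSA", "ECDHE_RSA", "DH_DSS", ...
    if kx.startswith("RSA"):
        return "rsa-key-transport"   # TLS_RSA_*, including TLS_RSA_PSK_*
    if kx.startswith(("DHE", "ECDHE")):
        return "ephemeral"           # any RSA here signs, it does not encrypt
    if kx.endswith("anon"):
        return "anonymous"
    if kx.startswith(("DH_", "ECDH_")):
        return "static-dh"
    return "psk" if kx == "PSK" else "other"


def audit(suites):
    """Group suites by key-exchange class, preserving configured order."""
    report = {}
    for suite in suites:
        report.setdefault(key_exchange_class(suite), []).append(suite)
    return report


def survivors(suites, tls13_style=False):
    """Suites left after dropping TLS_RSA_* (and static DH if tls13_style)."""
    drop = {"rsa-key-transport"} | ({"static-dh"} if tls13_style else set())
    return [s for s in suites if key_exchange_class(s) not in drop]


if __name__ == "__main__":
    for cls, names in audit(SAMPLE_CONFIG).items():
        print(f"{cls}: {', '.join(names)}")
```

Suites such as TLS_ECDHE_RSA_* are kept because RSA there only signs the handshake, while TLS_RSA_PSK_* is flagged because it still sends an RSA-encrypted premaster secret.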