RSA-PSS Warning #912

Open
Hagelkruys opened this issue Jan 29, 2025 · 3 comments

@Hagelkruys

Hello,

When parsing a certificate with the RSASSA-PSS signing algorithm, zlint gives the warning "e_signature_algorithm_not_supported".

In "\v3\lints\cabf_br\lint_signature_algorithm_not_supported.go" it states the following:

// The BRs do not forbid the use of RSA-PSS as a signature scheme in
// certificates but it is not broadly supported by user-agents. Since
// the BRs do not forbid the practice we return a warning result.
// NOTE: The Mozilla root program policy *does* forbid their use since v2.7.
// This should be covered by a lint scoped to the Mozilla source instead of in
// this CABF lint.

That isn't correct anymore.

On the contrary, you should not use RSA with PKCS1v1.5 anymore, see https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile&v=6 - 1.5 Dealing with Legacy Algorithms - RSA with PKCS1v1.5 padding

@zakird
Member

zakird commented Jan 29, 2025

@Hagelkruys would you be willing to submit a PR to address this?

@Hagelkruys
Author

I looked into creating a PR for this and found why the current implementation gives a warning for RSA-PSS.

In the referenced Mozilla root program (v2.7) there was a change that RSA-PSS is not allowed as an ID in the SubjectPublicKeyInfo field; that's also in the current Mozilla root program policy and BR.

CAs MUST NOT use the id-RSASSA-PSS OID (1.2.840.113549.1.1.10) within a SubjectPublicKeyInfo to represent an RSA key.

The linting file above checks the SigningAlgorithm, which is another field, so there seems to be a mix-up of the SigningAlgorithm and SubjectPublicKeyInfo identifiers.
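
The two fields this comment distinguishes, as an added Go example (not zlint's code and not part of the thread): it reads the AlgorithmIdentifier OID from a certificate's outer signatureAlgorithm and from its SubjectPublicKeyInfo separately and reports where id-RSASSA-PSS appears. The names `pssUsage` and `selfSignedPSS` and the constructed self-signed certificate are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// id-RSASSA-PSS, the OID quoted from the policy text in the comment above.
var oidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}

// pssUsage (hypothetical helper) reports where id-RSASSA-PSS appears in a DER
// certificate: in the outer signatureAlgorithm, in SubjectPublicKeyInfo, or both.
func pssUsage(der []byte) (inSignature, inSPKI bool, err error) {
	var outer struct{ TBS asn1.RawValue; Alg pkix.AlgorithmIdentifier; Sig asn1.BitString }
	var spki struct{ Alg pkix.AlgorithmIdentifier; Key asn1.BitString }
	if _, err = asn1.Unmarshal(der, &outer); err != nil {
		return
	}
	cert, err := x509.ParseCertificate(der)
	if err == nil {
		_, err = asn1.Unmarshal(cert.RawSubjectPublicKeyInfo, &spki)
	}
	return outer.Alg.Algorithm.Equal(oidRSASSAPSS), spki.Alg.Algorithm.Equal(oidRSASSAPSS), err
}

// selfSignedPSS builds a constructed sample: an RSA key self-signed with RSASSA-PSS.
func selfSignedPSS() ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "pss-example.invalid"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		SignatureAlgorithm: x509.SHA256WithRSAPSS,
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	der, _ := selfSignedPSS()
	fmt.Println(pssUsage(der))
}
```

For the constructed certificate the result is `true false <nil>`: id-RSASSA-PSS appears in the signature algorithm but not in the SubjectPublicKeyInfo, and the quoted MUST NOT sentence addresses only the latter field.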

@Hagelkruys
Author

I removed the warning and added the signature algorithm to the pass list.
PR is here: #913
