On February 6, 2019, a technical paper was published regarding a new attack on TLS 1.2 and 1.3 had been identified. Of course, the first thing that a lot of us wondered was, “Will the PCI SSC now kill off TLS 1.2 and 1.3?”
Before panic sets in, I am guessing that TLS 1.2/1.3 will not go away like SSL v3 and TLS 1.0/1.1 did before. The reason is that this is just another variation of the Bleichenbacher attacks that seem to crop up every so often regarding SSL and TLS. What is different about this attack is the new side-channel leak approach that was used.
The risk in this attack is best described from the researchers’ technical paper.
“… even though the use of RSA in secure connections is diminishing (only ≈6% of TLS connections currently use RSA [1, 51]), this fraction is still too high to allow vendors to drop this mode. Yet, as we show in Section VI, supporting this small fraction of users puts everyone at risk, as it allows the attacker to perform a downgrade attack by specifying RSA as the only public key algorithm supported by the server.”
The problem is all related to the use of RSA PKCS#1 v1.5 in TLS. The rest of protocol is just fine. So, at worst case I could see the Council recommending that RSA PKCS#1 v1.5 not be allowed to be used.
Which reminds me of years ago when the US banking regulators came out and stated that by a certain date, Internet Explorer 6 would no longer be allowed to be used for internet banking. According to the banks at the time, such a move by the regulators would create a support nightmare or, even worse, kill off internet banking. However, the date came, the banks turned off IE6 and little happened. Yes, there were a few days of higher than normal support calls about customers not being able to get into their accounts, but those quickly died off.
The issue with RSA PKCS#1 v1.5 is similar to the banking story. At what point do we draw the line on these sorts problems? 10% of users? 2% of users? 1% of users? In this case, 6% of the internet users are putting the remaining 94% at risk. Is it worth it? Each organization will have to determine if that risk is acceptable and justify why.