Re: [TLS] TLS 1.3: Deterministic RSA-PSS and ECDSA

Hi, On Sat, 6 Aug 2016 18:54:56 -1000 Brian Smith wrote: > Also, I think it would be great if people working on proofs of > security for TLS could take into consideration the fact that > some--perhaps many--implementations will intentionally or accidentally > use some form of deterministic or le

[TLS] TLS 1.3: Deterministic RSA-PSS and ECDSA

The current draft says "It is RECOMMENDED that implementations implement 'deterministic ECDSA' as specified in [RFC6979]." The current draft also says, regarding RSA-PSS signatures: "When used in signed TLS handshake messages, the length of the salt MUST be equal to the length of the digest output.

Re: [TLS] draft-sullivan-tls-post-handshake-auth-00

On Sat, Aug 06, 2016 at 01:38:40AM +, Nick Sullivan wrote: > > > We discussed on this list a proposal to allow secondary certificate > authentication in HTTP/2 (https://tools.ietf.org/html/draft-bishop-httpbis- > http2-add