Re: [TLS] PR for PSS support

2015-09-15 Thread Joseph Salowey
It looks like we have consensus to move forward with this PR (PSS), please apply the change. I think Russ's suggestion improves the text. Thanks, Joe On Thu, Sep 10, 2015 at 1:18 PM, Eric Rescorla wrote: > https://github.com/tlswg/tls13-spec/pull/239 > > Based on the WG discussion, I've create

Re: [TLS] PR for PSS support

2015-09-11 Thread Russ Housley
Line 2816 allows SHA-224 in certification paths. I do not think TLS 1.2 provided that support. Russ On Sep 10, 2015, at 7:28 PM, Dave Garrett wrote: > On Thursday, September 10, 2015 04:18:24 pm Eric Rescorla wrote: >> Note that I didn't deprecate SHA-1 (something Hanno suggested) but I expec

Re: [TLS] PR for PSS support

2015-09-10 Thread Russ Housley
This text appears in two places (lines 3026 and 3180) +Only RSA signatures based on RSASSA-PSS MAY be used, regardless of whether +RSASSA-PKCS-v1_5 appears in "signature_algorithms". I think it would be better to say: +RSA signatures MUST be based on RSASSA-PSS, regardless of whether +RSASSA-PKC

[TLS] PR for PSS support

2015-09-10 Thread Eric Rescorla
https://github.com/tlswg/tls13-spec/pull/239 Based on the WG discussion, I've created a PR for adding support for PSS. The basic tactic I took is: - All in-protocol RSA signatures (i.e., in CertificateVerify) are PSS - You must use MGF1 with the same hash as you used for the content. - I added a