https://github.com/tlswg/tls13-spec/pull/239
Based on the WG discussion, I've created a PR for adding support for PSS. The basic tactic I took is:

- All in-protocol RSA signatures (i.e., in CertificateVerify) are PSS
- You must use MGF1 with the same hash as you used for the content.
- I added a rsa_pss SignatureAlgorithm field.

The impact of this is that endpoints can sunset support for RSASSA-PKCS1 by omitting it from SignatureAlgorithms.

Note that I didn't deprecate SHA-1 (something Hanno suggested) but I expect to in another PR based on WG consensus.

Please take a look.

-Ekr