We seem to have good consensus on moving to RSA-PSS and away from PKCS-1.5 in TLS 1.3. However, there is a problem that it may take some hardware implementations some time to move to RSA-PSS. After an off-list discussion with a few folks, here is a proposal for moving forward.
We make RSA-PSS mandatory to implement (MUST implement instead of MUST offer). Clients can advertise support for PKCS-1.5 for backwards compatibility in the transition period.

Please respond on the list on whether you think this is a reasonable way forward or not.

Thanks,
J&S