> On 29 Feb 2016, at 7:39 PM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote: > > On Mon, Feb 29, 2016 at 09:32:04AM -0800, Joseph Salowey wrote: > >> We seem to have good consensus on moving to RSA-PSS and away from PKCS-1.5 >> in TLS 1.3. However, there is a problem that it may take some hardware >> implementations some time to move to RSA-PSS. After an off list discussion >> with a few folks here is a proposal for moving forward. >> >> We make RSA-PSS mandatory to implement (MUST implement instead of MUST >> offer). Clients can advertise support for PKCS-1.5 for backwards >> compatibility in the transition period. >> Please respond on the list on whether you think this is a reasonable way >> forward or not. > > My instinct is to mandate PSS and let PKCS#1 rest in peace.
+1 As always, certificates are fine to be signed with PKCS#1, because we are not specifying certificate signatures, but in-protocol signatures *are* up to us. Yoav _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
