On Mon, 29 Feb 2016 12:35:57 -0800 Andrey Jivsov <cry...@brainhub.org> wrote:
> Without a generous advance warning about PKCS#1.5 removal by TLS 1.3,
> we have to deal with already deployed hardware. Had vendors and
> customers known that TLS 1.3 will remove PKCS #1.5, we probably would
> have ended up with more PSS-friendly Internet.

Ok, look, I really would like to understand what you're trying to say here.

What would such a warning look like? We have an RFC for PSS since 2003. We had several attacks showing the weakness of PKCS #1 1.5. Wasn't that warning enough? If not, what would such a warning look like?

I'd really like to know, because we will have similar situations in the future and I'd like to avoid people lobbying in the background to continue supporting weak crypto. There will be some new TLS version some day and we will try to get better algorithms into it. So how do we warn you next time?

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls