On 1 March 2016 at 04:32, Joseph Salowey <j...@salowey.net> wrote: > We make RSA-PSS mandatory to implement (MUST implement instead of MUST > offer). Clients can advertise support for PKCS-1.5 for backwards > compatibility in the transition period.
>From my perspective, this is fine. I would like to say that we won't ever support PKCS#1.5 for TLS 1.3, but I think that I would rather have users on 1.3 with PKCS#1.5 than have them stuck on 1.2. It seems like others are taking the position that we should say "MUST NOT use PKCS#1.5". I would love for that to be the case, but I want to separate decision path for that, preferably one that is somewhat under my control. Once we have information about usage for each signature scheme, I'll be happy to arrange for another "break the web" day. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
