On 07/06/2016 10:23 AM, Joseph Salowey wrote: > I don't think we ever call consensus on this topic. It looks like there > is rough consensus to move forward with RSA-PSS as the MUST implement > algorithm for certificate verify in TLS 1.3 and not allow PKCS-1.5. > During the discussion it also seemed that it is realistic that we may > want to add additional types in the future. We may want better > separation of signature types of certificates and certificate verify. > > Cheers, > > J&S
Was it really the consensus that the group didn't want to allow PKCS-1.5 negotiated for handshake signatures (for certificate verifies)? TLS 1.3 currently allows this agility for other signatures: the signatures in X.509 certificates. Nobody has objections to a MUST implement and MUST prefer RSA-PSS in TLS 1.3. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
