Hello, For RSA PSS, I would suggest to consider: rsa_pss_shake128 rsa_pss_shake256 where SHAKE128 (or 256), as an exendable output function (XOF), directly replaces the mask generating function MGF.
This would make RSA PSS simpler and more efficient. Kind regards, Gilles On 01/09/16 19:38, Hubert Kario wrote: > The SHA-3 standard is already published and accepted[1], shouldn't TLSv1.3 > include signatures with those hashes then? > > I think at least the following signature algorithms should be added: > ecdsa_secp256r1_sha3_256 > ecdsa_secp384r1_sha3_384 > ecdsa_secp521r1_sha3_512 > > rsa_pss_sha3_256 > rsa_pss_sha3_384 > rsa_pss_sha3_512 > > 1 - https://www.federalregister.gov/articles/2015/08/05/2015-19181/ > announcing-approval-of-federal-information-processing-standard-fips-202-sha-3- > standard _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
