Nikos Mavrogiannopoulos <n...@redhat.com> writes: >TLS 1.3 requiring a different key type, will provide an incentive for them to >update.
No, it'll be an incentive for them to ignore the requirement, or work around it. The S/MIME WG looked at this years ago when they considered tying AES use to RSA-PSS/OAEP, the plan being to use the adoption of AES to try and force adoption of RSA-not-PKCS1.5. It was canned pretty quickly: No implementation support, no CA support, no HSM/smart card support, and you'd have to somehow figure out how to set up keys so they couldn't be used with PKCS # 1.5 any more in an environment where everything did PKCS #1.5. (I realise this was a long time ago, so now it'll be more like little implementation support, no CA support, little to no HSM/smart card support, and the same thing about the environment. And, as long as you do PKCS #1.5 as encode-then-compare as per the spec, no particular motivation to move to PSS). Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
