On Mon, Dec 11, 2017 at 08:59:44AM +0100, Nikos Mavrogiannopoulos wrote:
> On Tue, 2017-12-05 at 12:00 +0100, Nikos Mavrogiannopoulos wrote:
> > On Mon, 2017-12-04 at 17:24 -0800, Eric Rescorla wrote:
> > > Hi folks,
> > >
> > > I've put together a PR that attempts to address the PSS issue.
> > >
> > > See:
> > > https://github.com/tlswg/tls13-spec/pull/1114
>
> As I guess, we cannot mandate RSA-PSS private keys and certificates for
> TLS1.3, I've followed up with a subsection on security considerations
> for re-using the RSA and RSA-PSS private keys. That includes
> recommendations to reduce the impact from cross-protocol attacks
> affecting these keys.
>
> https://github.com/tlswg/tls13-spec/pull/1123

Some comments:

- Shared keys between servers are fairly common. Some of those servers
  are very badly configured (e.g. Static RSA enabled).
- If another server does not share the key, but has a certificate valid
  for the name, that certificate can be used as well.

(These are the same considerations as for DROWN).

-Ilari
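
The two conditions raised in the reply above can be checked against a server inventory. The following is an added example, not part of the original thread or of the TLS 1.3 specification: the `Endpoint` fields, the SPKI labels and the host names are constructed for illustration, and name matching is simplified to a single leftmost wildcard label.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    host: str          # where the service listens (constructed sample value)
    spki: str          # fingerprint of the certificate's public key
    names: frozenset   # DNS names the certificate is valid for
    static_rsa: bool   # True if static RSA key exchange is enabled

def name_matches(pattern, name):
    """Match a certificate name against a host name; '*' covers one leftmost label."""
    p, n = pattern.lower().split("."), name.lower().split(".")
    if len(p) != len(n):
        return False
    return (p[0] == "*" or p[0] == n[0]) and p[1:] == n[1:]

def names_overlap(a, b):
    """True if any name in a and any name in b can refer to the same host."""
    return any(name_matches(x, y) or name_matches(y, x) for x in a for y in b)

def exposures(inventory):
    """Return sorted (host, weak_host, reason) triples.

    A host is exposed through another endpoint that enables static RSA and
    either uses the same key or holds a certificate valid for the same name.
    """
    found = set()
    for target in inventory:
        for other in inventory:
            if other is target or not other.static_rsa:
                continue
            if other.spki == target.spki:
                found.add((target.host, other.host, "shared-key"))
            elif names_overlap(target.names, other.names):
                found.add((target.host, other.host, "name-overlap"))
    return sorted(found)

# Constructed inventory: one key reused on a mail server, one legacy wildcard host.
INVENTORY = [
    Endpoint("www.example.test:443", "spki-A", frozenset({"www.example.test"}), False),
    Endpoint("mail.example.test:465", "spki-A", frozenset({"mail.example.test"}), True),
    Endpoint("legacy.example.test:8443", "spki-B", frozenset({"*.example.test"}), True),
    Endpoint("api.example.test:443", "spki-C", frozenset({"api.example.test"}), False),
]

if __name__ == "__main__":
    for host, weak, reason in exposures(INVENTORY):
        print(f"{host} is exposed via {weak} ({reason})")
```
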