On Wed, May 30, 2018 at 2:53 PM Andrey Jivsov <cry...@brainhub.org> wrote: > The quoted text quoted is old. The need to upgrade TLS 1.2 code if I > support TLS 1.3 is new.
No, I'm certain we had that discussion too. > I am curious about the scenarios when is this upgrade of TLS 1.2 to PSS > will take place? When people deploy TLS 1.3. Which is happening already. You can avoid the need as a server because a client willing to do TLS 1.2 will probably offer RSASSA PKCS#1 v1.5 and you can rely on that being there. But yeah, clients are going to have to suck it up. Here's the text, which I think is pretty clear: " Implementations that advertise support for RSASSA-PSS (which is mandatory in TLS 1.3), MUST be prepared to accept a signature using that scheme even when TLS 1.2 is negotiated. " _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
