Hi TLS,

We would like to re-introduce https://datatracker.ietf.org/doc/draft-davidben-tls13-pkcs1/ (it's intended for the TLS WG and the Standards track, despite what the document says at the top; we'll fix it as soon as the submission tool reopens).

In the course of TLS 1.3 deployment, it became apparent that a lot of hardware cryptographic devices used to protect TLS client certificate private keys cannot produce RSA-PSS signatures compatible with TLS. This draft would allow RSA-PKCS signatures in the client CertificateVerify messages (and not in any other contexts), as a way to unblock TLS 1.3 deployments.

This is an unfortunate situation, and work is being done with hardware vendors to reduce the likelihood of similar issues in the future, but existing devices tend to stay around for years.

Comments/suggestions are welcome,

Cheers,

Andrei