Strong support for this. TLS will be deployed with broken implementations and on broken systems. Anything the spec can do to limit or prevent damage is more than appropriate.
However, agreed that a SHOULD makes more sense, to avoid having discussions about OpenSSL not being compliant because of a different PRF. I've always been puzzled by pure-random ECDSA deployments anyway. On Sat, Jan 23, 2016 at 7:13 PM, Joseph Birr-Pixton <jpix...@gmail.com> wrote: > Hi, > > I'd like to propose that TLS1.3 mandates RFC6979 deterministic ECDSA. > > For discussion, here's a pull request with possible language: > > https://github.com/tlswg/tls13-spec/pull/406 > > Cheers, > Joe > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
