On 01/25/2016 01:43 PM, Hubert Kario wrote: > On Monday 25 January 2016 10:29:18 Benjamin Kaduk wrote: >> On 01/22/2016 01:14 PM, Hubert Kario wrote: >>> On Friday 22 January 2016 10:39:26 Andrey Jivsov wrote: >>> If we don't do it for HS in TLS first, we'll never get rid of it in >>> X.509 certs. We need to start somewhere, and it's more reasonable to >>> expect that hardware with support for new protocols will get updated >>> for RSA-PSS handling than that libraries and hardware will suddenly >>> start implementing it in droves just in anticipation of the time >>> when CAs _maybe_ will start issuing certificates signed with RSA-PSS. >> Isn't it more a matter of TLS being a consumer of external PKIX >> infrastructure, the web PKI, etc.? They are out of the reach of the >> IETF TLS working group; any requirements we attempted to impose would >> be unenforceable, even if there was an Internet Police (which there >> is not). > TLS will happily use PKCS#1 v1.5 signed X.509 certificates, so how > exactly is creating a side effect of increasing the deployment rate of > RSA-PSS _in TLS implementations_ an "overreach"?!
There seems to be some confusion here; I am saying it would be an overreach for us to insist that the X.509 certs we get use PSS. The best sense I can make out of this statement is that it is a response to a claim that requiring PSS for TLS handshakes would be an overreach (it is not). Am I confused? -Ben _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls