On Tue, Mar 01, 2016 at 03:56:53PM +1100, Martin Thomson wrote:
> It seems like others are taking the position that we should say "MUST
> NOT use PKCS#1.5". I would love for that to be the case, but I want
> to separate decision path for that, preferably one that is somewhat
> under my control. Once we have information about usage for each
> signature scheme, I'll be happy to arrange for another "break the web"
> day.
It is much easier to mandate PSS in TLS 1.3 now, than to remove it
later. Servers that can't do PSS will use TLS 1.2. This avoids
a break-the-web day.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
