On Tue, Mar 01, 2016 at 03:56:53PM +1100, Martin Thomson wrote: > It seems like others are taking the position that we should say "MUST > NOT use PKCS#1.5". I would love for that to be the case, but I want > to separate decision path for that, preferably one that is somewhat > under my control. Once we have information about usage for each > signature scheme, I'll be happy to arrange for another "break the web" > day.
It is much easier to mandate PSS in TLS 1.3 now, than to remove it later. Servers that can't do PSS will use TLS 1.2. This avoids a break-the-web day. -- Viktor. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls