> On 2 Mar 2016, at 5:57 PM, Eric Rescorla <e...@rtfm.com> wrote: > > > > On Wed, Mar 2, 2016 at 1:25 AM, Yoav Nir <ynir.i...@gmail.com > <mailto:ynir.i...@gmail.com>> wrote: > > > On 2 Mar 2016, at 11:16 AM, Rob Stradling <rob.stradl...@comodo.com > > <mailto:rob.stradl...@comodo.com>> wrote: > > > > On 02/03/16 09:10, Rob Stradling wrote: > > <snip> > >>> Neither you nor I can post in any of the CA/Browser forum’s lists, > >>> because neither of us has either a browser or a public CA. > >>> > >>> There are some people who are active there and are reading this list, > >>> so they might take such a proposal there. I’m not very optimistic, > >>> though. > >> > >> Please don't give up without even trying! > >> > >> If you have a proposal, I'd be happy to post it to the > >> pub...@cabforum.org <mailto:pub...@cabforum.org> list on your behalf. > > > > Oh, somebody else beat me to it: > > > > https://cabforum.org/pipermail/public/2016-March/006910.html > > <https://cabforum.org/pipermail/public/2016-March/006910.html> > > Right. And the response was that while PSS in in NSS, it’s not in Firefox. No > word on the other browsers out there, and definitely no word on a bunch of > non-browser clients that connect to servers using certificates from the > public CA. > > For what it's worth, I expect PSS support to appear in Firefox sometime in the > not too distant future, since it's clear we need it for 1.3 and it's not much > effort > to add it for 1.2 and below.
I expect the version of our firewall that comes out in 2017 will support PSS as well in TLS and the PKI. The enterprise CA part of the product? Probably not because it has to support the legacy. Yoav
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
