Hi all,

I’ve just uploaded a pair of drafts relating to signatures in TLS 1.3.

https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00
https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00

The first introduces optional legacy codepoints for PKCS#1 v1.5 signatures with client certificates. This is unfortunate, but I think we should do it. On the Chrome side, we’ve encountered some headaches with the TLS 1.3 PSS requirement which are unique to client certificates. The document describes the motivations in detail.

The second describes a batch signing mechanism for TLS using Merkle trees. It allows TLS clients and servers to better handle signing load. I think it could be beneficial for a number of DoS and remote key scenarios.

Thoughts?

David
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
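The batch signing idea mentioned in the message above, as an added sketch that is not part of the original e-mail or of the draft: one private-key operation signs a Merkle root, and each peer verifies its own message with that signature plus a sibling path. The Ed25519 key, the tag bytes, the padding rule and all function names are assumptions made for illustration; the draft's actual encoding and signed context are not reproduced here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// hashNode tags (constructed): 0 = leaf, 1 = interior, 2 = padding, so an
// interior or padding node can never be presented as a message.
func hashNode(tag byte, a, b []byte) []byte {
	h := sha256.Sum256(append(append([]byte{tag}, a...), b...))
	return h[:]
}

// BatchSign signs the Merkle root once; paths[i] is message i's sibling path.
func BatchSign(priv ed25519.PrivateKey, msgs [][]byte) ([]byte, [][][]byte) {
	level, paths := [][]byte{}, make([][][]byte, len(msgs))
	for _, m := range msgs {
		level = append(level, hashNode(0, m, nil))
	}
	for len(level) == 0 || len(level)&(len(level)-1) != 0 { // pad to a power of two
		level = append(level, hashNode(2, nil, nil))
	}
	for width := 1; len(level) > 1; width *= 2 {
		for i := range msgs {
			paths[i] = append(paths[i], level[(i/width)^1])
		}
		for j := 0; j < len(level)/2; j++ {
			level[j] = hashNode(1, level[2*j], level[2*j+1])
		}
		level = level[:len(level)/2]
	}
	return ed25519.Sign(priv, level[0]), paths
}

// BatchVerify rebuilds the root from one message and its path, then checks sig.
func BatchVerify(pub ed25519.PublicKey, msg []byte, idx int, path [][]byte, sig []byte) bool {
	node := hashNode(0, msg, nil)
	for _, sib := range path {
		lr := [2][]byte{node, sib} // idx even: node is the left child; odd: the right
		node, idx = hashNode(1, lr[idx&1], lr[1-idx&1]), idx>>1
	}
	return ed25519.Verify(pub, node, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	sig, paths := BatchSign(priv, [][]byte{[]byte("a"), []byte("b"), []byte("c")}) // constructed batch
	fmt.Println(BatchVerify(pub, []byte("c"), 2, paths[2], sig))
}
```

The signer's cost is one signature per batch, while each verifier pays one signature check plus a number of hashes logarithmic in the batch size.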