Mohamed Boucadair has entered the following ballot position for draft-ietf-tls-tls13-pkcs1-06: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-pkcs1/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Hi David and Andrei, Thank you for the effort put into this specification. Updated the ballot [1] to take into account the feedback received so far (including off-list clarification from Paul; Thanks). The only pending point is: # Update RFC8446/RFC8446bis The provisions in this draft relax what used to be disallowed in 8446/8446bis. This reads like an update. Specifically, this part from RFC8446bis: and In addition, the signature algorithm MUST be compatible with the key in the sender's end-entity certificate. RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms". ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # FIPS 186-4 ## Please add a reference ## s/with FIPS 186-4/with US FIPS 186-4 # TLS Registries CURRENT: IANA is requested to create the following entries in the TLS SignatureScheme registry, defined in [RFC8446]. Isn’t draft-ietf-tls-rfc8447bis authoritative here for registry matters? I would replace the 8446 citation with draft-ietf-tls-rfc8447bis. Cheers, Med [1] https://mailarchive.ietf.org/arch/msg/tls/dimNOvXqeIaYflBK7s51J43p80U/ _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
