On 10/21/21 6:15 PM, Martin Thomson wrote:
You want to separate the use of PSS in the protocol from PSS in certificates.
Right now, certificates do not routinely include SPKI with PSS OIDs or PSS
signatures. Those are poorly supported. For example, in Firefox we have most
of the necessary support, but our certificate validation library - the last
link - is yet to be updated (or it has only very recently been updated; I'd
need to check).
Support for PSS in the protocol is different. However, most TLS 1.2 implementations will have PSS support by virtue of having a TLS 1.3 implementation.
Well, we've been thinking specifically about whether to recommend PSS
for TLS 1.2 implementations and deployments. Naturally you get PSS for
free if you've upgraded to TLS 1.3, but do we want to say that if you
haven't upgraded to TLS 1.3 yet you should update your TLS 1.2
implementation or deployment to add PSS?
Peter
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
