On 10/22/21 10:39 AM, Salz, Rich wrote:
Well, we've been thinking specifically about whether to recommend PSSfor TLS 1.2 implementations and deployments. Naturally you get PSS for free if you've upgraded to TLS 1.3, but do we want to say that if you haven't upgraded to TLS 1.3 yet you should update your TLS 1.2 implementation or deployment to add PSS?No, don't. It's highly unlike that the TLS 1.2 code will be updated to review and check the extra PSS parameters, so it gives you no additional security.
This has been my impression, too, but we want to check with the list. Peter _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
