Definitely won’t, but I first want to know if this is actually a problem.
I’ll ask on the CFRG list. Yoav > On 19 Nov 2016, at 1:38, Valery Smyslov <[email protected]> wrote: > > Hi Yoav, > > or the servers must be provided with two certificates – one for TLS 1.2 > and the other for TLS 1.3, that won’t make server owners happy. > > I think it is a good idea to raise this issue in TLS WG. > > Regards, > Valery. > > > > From: Yoav Nir <mailto:[email protected]> > Sent: 19 ноября 2016 г. 7:21 > To: Tero Kivinen <mailto:[email protected]> > Cc: [email protected] WG <mailto:[email protected]>; Watson Ladd > <mailto:[email protected]> > Subject: Re: [IPsec] Take a stand for key hygine > > > > On 18 Nov 2016, at 5:38, Tero Kivinen <[email protected]> wrote: > > > > Watson Ladd writes: > >> I might be confused, but the slides in > >> https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-signature-forms-ambiguity-in-ikev2-00.pdf > >> seem to very clearly want something else. Apologies for my > >> insufficient context inclusion. > > > > Yes, with RSA I think it might be quite common for people to use same > > key for both RSA PKCS#1 v1.5 and RSA-PSS, and there is not really > > anything we can do for that. > > If that is a problem, then it is more serious for TLS. TLS 1.2 has only > PKCS#1. TLS 1.3 has only PSS. So a server that uses a single certificate > with RSA for both versions (probably most servers in 1-2 years) will be > producing both kinds of signatures from the same key. > > If that’s a problem, it should be raised during WGLC of TLS 1.3 (which si now) > > Yoav > _______________________________________________ > IPsec mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/ipsec > <https://www.ietf.org/mailman/listinfo/ipsec>
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
