On 9 February 2017 at 08:17, Ilari Liusvaara wrote:
> If client includes RSA-PSS codepoints in its signature_algorithms,
> then:
>
> - The server handshake signature MAY be signed using RSA-PSS in TLS
> 1.2 or later. Yes, 1.2, not 1.3.
> - The certificate chain MAY
On Wed, Feb 08, 2017 at 07:34:16PM +, Timothy Jackson wrote:
> I have a question on RFC5246 (TLS 1.2) and how it’s going to interact with
> RSASSA-PSS as we roll out TLS 1.3. Does the prohibition against RSASSA-PSS
> apply only to the signatures that can be used for signing handshakes or
>
On 9 February 2017 at 07:20, Yoav Nir wrote:
> And it doesn’t help if the client does not provide the extension. The
> extension can restrict from among the set of supported algorithms, Its
> absence does not allow undefined algorithms.
Since TLS 1.3 defines code points for
> On 8 Feb 2017, at 21:34, Timothy Jackson wrote:
>
> I have a question on RFC5246 (TLS 1.2) and how it’s going to interact with
> RSASSA-PSS as we roll out TLS 1.3. Does the prohibition against RSASSA-PSS
> apply only to the signatures that can be used for signing
I have a question on RFC5246 (TLS 1.2) and how it’s going to interact with
RSASSA-PSS as we roll out TLS 1.3. Does the prohibition against RSASSA-PSS
apply only to the signatures that can be used for signing handshakes or does it
apply to the entire certificate chain as well? I ask because
For me, the main drawback here (besides the futuristic assumptions), is the
continued reliance on the DNS infrastructure. Even when using TLS, the DNS
is architecturally hostile to privacy, e.g., due to resolvers operated by
ISPs or the client subnet extension.
I'm sympathetic to the desire to