On 1 Mar 2016, at 8:23 PM, Alyssa Rowan <[email protected]> wrote:

> > [YN] It would be cool to ban PKCS#1.5 from certificates, but we
> > are not the PKIX working group. Nor are we the CA/Browser forum.
> > When a CA issues a certificate it has to work with every client
> > and server out there. When we use TLS 1.3, the other side supports
> > TLS 1.3 as well, so it’s fair to assume that it knows PSS.
> 
> Perhaps the PKIX working group and CAB/Forum could both use a friendly
> reminder not to ignore how perilous using RSA PKCS#1 v1.5 still remains?

Neither you nor I can post in any of the CA/Browser forum’s lists, because 
neither of us has either a browser or a public CA. 

There are some people who are active there and are reading this list, so they 
might take such a proposal there. I’m not very optimistic, though. While only 
CAs and browsers are members, they are keenly aware that even the public CAs 
have a wide variety of relying parties, running all sorts of software. And it’s 
much harder to scan clients than it is to scan servers, so it’s difficult to 
say how many clients will not be able to connect to a server with a certificate 
signed with RSA-PSS. Probably far too many for the CA/BF to be comfortable 
deprecating PKCS#1.  

The PKIX working group shut down several years ago. The Curdle WG is a new
working group whose charter includes deprecating obsolete stuff. Perhaps they 
might be interested.

Yoav 

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
