> On 2 Mar 2016, at 11:16 AM, Rob Stradling <[email protected]> wrote:
>
> On 02/03/16 09:10, Rob Stradling wrote:
> <snip>
>>> Neither you nor I can post in any of the CA/Browser forum’s lists,
>>> because neither of us has either a browser or a public CA.
>>>
>>> There are some people who are active there and are reading this list,
>>> so they might take such a proposal there. I’m not very optimistic,
>>> though.
>>
>> Please don't give up without even trying!
>>
>> If you have a proposal, I'd be happy to post it to the
>> [email protected] list on your behalf.
>
> Oh, somebody else beat me to it:
>
> https://cabforum.org/pipermail/public/2016-March/006910.html

Right. And the response was that while PSS is in NSS, it’s not in Firefox. No word on the other browsers out there, and definitely no word on a bunch of non-browser clients that connect to servers using certificates from the public CA.

I totally understand that the commercial CAs cannot afford to deprecate PKCS#1 now. It might be prudent to announce some long-term deprecation plan such as the one for SHA-1 signatures. We can hope that by the time the transition is complete RSA will have been abandoned in favor of ECDSA and/or EdDSA, but I would not bet on it.

Yoav
