On 18 February 2017 at 13:31, Dr Stephen Henson <li...@drh-consultancy.co.uk> wrote: > could a TLS 1.2 server legally present a certificate containing an > RSASSA-PSS key for an appropriate ciphersuite? Similarly could a client > present > a certificate contain an RSASSA-PSS key?
NSS, when configured to do so, will do just that. I wouldn't recommend it right now, but it is legal. Actually, if you offer support for validating PSS and end up negotiating 1.2, then you should be prepared to receive PSS signatures. It's a wee gotcha in the 1.3 spec. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls