On 18 February 2017 at 13:31, Dr Stephen Henson <[email protected]> wrote: > could a TLS 1.2 server legally present a certificate containing an > RSASSA-PSS key for an appropriate ciphersuite? Similarly could a client > present > a certificate contain an RSASSA-PSS key?
NSS, when configured to do so, will do just that. I wouldn't recommend it right now, but it is legal. Actually, if you offer support for validating PSS and end up negotiating 1.2, then you should be prepared to receive PSS signatures. It's a wee gotcha in the 1.3 spec. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
