To expound a bit more on my thinking, pss_pss is what we actually want people to be using, thus it should be Recommended, but pss_rsae is what people are actually going to be using (to large extent), and that is still a deployment that we consider good and useful, for now. Maybe in 5 years the IESG can change those "yes"es to "no"s, of course.
-Ben On 03/01/2018 02:15 PM, Sean Turner wrote: > I should note that Ben pointed out in the PR that we might need to specify > all 6 as recommended. I can kind of get behind that because before we were > doing PSS regardless of the identifier. Thoughts? > > spt > >> On Mar 1, 2018, at 09:58, Sean Turner <s...@sn3rd.com> wrote: >> >> I’ve submitted the following PR to make sure we answer IANA questions*: >> https://github.com/tlswg/tls13-spec/pull/1159 >> >> One thing I’d like to get input on is which of the RSA-PSS signature schemes >> should be recommended. The IANA considerations currently recommends >> rsa_pss_sha256, rsa_pss_sha384, and rsa_pss_sha512. But, we’ve changed the >> PSS identifiers to split them so now we’ve got different identifiers that >> follow and we need to make sure we indicate which ones get marked as >> Recommended: >> rsa_pss_rsae_sha256 >> rsa_pss_rsae_sha384 >> rsa_pss_rsae_sha512 >> rsa_pss_pss_sha256 >> rsa_pss_pss_sha384 >> rsa_pss_pss_sha512 >> >> I believe the intent was that we would specify three rsa_pss_rsae as >> Recommended. >> >> spt >> >> * IANA does a review of the IANA considerations section to make sure that >> they understand the requests we’ve made of them. >> >>> On Feb 15, 2018, at 16:13, The IESG <iesg-secret...@ietf.org> wrote: >>> >>> >>> The IESG has received a request from the Transport Layer Security WG (tls) >>> to >>> consider the following document: - 'The Transport Layer Security (TLS) >>> Protocol Version 1.3' >>> <draft-ietf-tls-tls13-24.txt> as Proposed Standard >>> >>> The IESG plans to make a decision in the next few weeks, and solicits final >>> comments on this action. Please send substantive comments to the >>> i...@ietf.org mailing lists by 2018-03-01. Exceptionally, comments may be >>> sent to i...@ietf.org instead. In either case, please retain the beginning >>> of >>> the Subject line to allow automated sorting. >>> >>> Abstract >>> >>> >>> This document specifies version 1.3 of the Transport Layer Security >>> (TLS) protocol. TLS allows client/server applications to communicate >>> over the Internet in a way that is designed to prevent eavesdropping, >>> tampering, and message forgery. >>> >>> >>> >>> >>> The file can be obtained via >>> https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/ >>> >>> IESG discussion can be tracked via >>> https://datatracker.ietf.org/doc/draft-ietf-tls-tls13/ballot/ >>> >>> The following IPR Declarations may be related to this I-D: >>> >>> https://datatracker.ietf.org/ipr/2900/ >>> >>> >>> >>> The document contains these normative downward references. >>> See RFC 3967 for additional information: >>> rfc8017: PKCS #1: RSA Cryptography Specifications Version 2.2 >>> (Informational - IETF stream) >>> >>> >>> > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls