> On Mar 1, 2018, at 16:31, Martin Thomson <[email protected]> wrote:
>
> On Fri, Mar 2, 2018 at 7:32 AM, Benjamin Kaduk <[email protected]> wrote:
>> To expound a bit more on my thinking, pss_pss is what we actually want
>> people to be using, thus it should be Recommended, but pss_rsae is what
>> people are actually going to be using (to large extent), and that is
>> still a deployment that we consider good and useful, for now. Maybe in
>> 5 years the IESG can change those "yes"es to "no"s, of course.
>
> I think that I agree. For recommendations PSS is fine. If the
> question is MTI, then I think we're stuck with pss_rsae.

I've submitted a revised PR [0] that will swap out the rsa_pss_sha* with rsa_pss_rsae_sha*:

OLD:

  The following values SHALL be marked as "Recommended":
  ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, rsa_pss_sha256,
  rsa_pss_sha384, rsa_pss_sha512, ed25519.

NEW:

  The following values SHALL be marked as "Recommended":
  ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, rsa_pss_rsae_sha256,
  rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, and ed25519.

spt

[0] https://github.com/tlswg/tls13-spec/pull/1159
