I think that I was suggesting this:

The following values SHALL be marked as "Recommended": ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, and ed25519.

On Fri, Mar 2, 2018 at 11:45 AM, Sean Turner <s...@sn3rd.com> wrote:
>
>> On Mar 1, 2018, at 16:31, Martin Thomson <martin.thom...@gmail.com> wrote:
>>
>> On Fri, Mar 2, 2018 at 7:32 AM, Benjamin Kaduk <bka...@akamai.com> wrote:
>>> To expound a bit more on my thinking, pss_pss is what we actually want
>>> people to be using, thus it should be Recommended, but pss_rsae is what
>>> people are actually going to be using (to large extent), and that is
>>> still a deployment that we consider good and useful, for now. Maybe in
>>> 5 years the IESG can change those "yes"es to "no"s, of course.
>>
>> I think that I agree. For recommendations PSS is fine. If the
>> question is MTI, then I think we're stuck with pss_rsae.
>
> I’ll submitted a revised PR [0] to change that will swap out the rsa_pss_sha*
> with rsa_pss_rsae_sha*:
>
> OLD:
>
> The following values SHALL be marked as
> "Recommended": ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
> rsa_pss_sha256, rsa_pss_sha384, rsa_pss_sha512, ed25519.
>
> NEW:
>
> The following values SHALL be marked as
> "Recommended": ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384,
> rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,rsa_pss_rsae_sha512, and
> ed25519.
>
> spt
>
> [0] https://github.com/tlswg/tls13-spec/pull/1159