Okay that was a fail on my part I meant to put all 6 in. Updated the PR. spt
> On Mar 1, 2018, at 20:05, Martin Thomson <martin.thom...@gmail.com> wrote: > > I think that I was suggesting this: > > The following values SHALL be marked as > "Recommended": ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, > rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,rsa_pss_rsae_sha512, > rsa_pss_pss_sha256, rsa_pss_pss_sha384,rsa_pss_pss_sha512, and > ed25519. > > On Fri, Mar 2, 2018 at 11:45 AM, Sean Turner <s...@sn3rd.com> wrote: >> >>> On Mar 1, 2018, at 16:31, Martin Thomson <martin.thom...@gmail.com> wrote: >>> >>> On Fri, Mar 2, 2018 at 7:32 AM, Benjamin Kaduk <bka...@akamai.com> wrote: >>>> To expound a bit more on my thinking, pss_pss is what we actually want >>>> people to be using, thus it should be Recommended, but pss_rsae is what >>>> people are actually going to be using (to large extent), and that is >>>> still a deployment that we consider good and useful, for now. Maybe in >>>> 5 years the IESG can change those "yes"es to "no"s, of course. >>> >>> I think that I agree. For recommendations PSS is fine. If the >>> question is MTI, then I think we're stuck with pss_rsae. >> >> I’ll submitted a revised PR [0] to change that will swap out the >> rsa_pss_sha* with rsa_pss_rsae_sha*: >> >> OLD: >> >> The following values SHALL be marked as >> "Recommended": ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, >> rsa_pss_sha256, rsa_pss_sha384, rsa_pss_sha512, ed25519. >> >> NEW: >> >> The following values SHALL be marked as >> "Recommended": ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, >> rsa_pss_rsae_sha256, rsa_pss_rsae_sha384,rsa_pss_rsae_sha512, and >> ed25519. >> >> spt >> >> [0] https://github.com/tlswg/tls13-spec/pull/1159 _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls