Regarding PKCS 1.5 in TLS 1.3, please also see slide 4 for a year 2015 version of the same motivation https://www.ietf.org/proceedings/94/slides/slides-94-tls-4.pdf .
On 7/29/19 5:15 PM, David Benjamin wrote: > Hi all, > > I’ve just uploaded a pair of drafts relating to signatures in TLS 1.3. > https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00 > https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00 > > The first introduces optional legacy codepoints for PKCS#1 v1.5 > signatures with client certificates. This is unfortunate, but I think we > should do it. On the Chrome side, we’ve encountered some headaches with > the TLS 1.3 PSS requirement which are unique to client certificates. The > document describes the motivations in detail. > > The second describes a batch signing mechanism for TLS using Merkle > trees. It allows TLS clients and servers to better handle signing load. > I think it could be beneficial for a number of DoS and remote key scenarios. > > Thoughts? > > David > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
