A quick update: I've uploaded -01 of tls-batch-signing which should address the various comments that have come in thus far.
https://tools.ietf.org/html/draft-davidben-tls-batch-signing-01

On Tue, Jul 30, 2019 at 3:09 PM David Benjamin <[email protected]> wrote:

> Oops. draft-davidben-tls-batch-signing-00 cites
> draft-davidben-http2-tls13-00. That should be
> draft-davidben-tls13-pkcs1-00. (The XML file took a really long time to be
> created, so I manually tried to recreate it based on another file and
> forgot to update one of the fields.) I'll fix this in -01.
>
> On Mon, Jul 29, 2019 at 8:15 PM David Benjamin <[email protected]>
> wrote:
>
>> Hi all,
>>
>> I’ve just uploaded a pair of drafts relating to signatures in TLS 1.3.
>> https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00
>> https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00
>>
>> The first introduces optional legacy codepoints for PKCS#1 v1.5
>> signatures with client certificates. This is unfortunate, but I think we
>> should do it. On the Chrome side, we’ve encountered some headaches with the
>> TLS 1.3 PSS requirement which are unique to client certificates. The
>> document describes the motivations in detail.
>>
>> The second describes a batch signing mechanism for TLS using Merkle
>> trees. It allows TLS clients and servers to better handle signing load. I
>> think it could be beneficial for a number of DoS and remote key scenarios.
>>
>> Thoughts?
>>
>> David

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
