Mike Bishop has entered the following ballot position for draft-ietf-tls-tls13-pkcs1-06: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-pkcs1/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I've previously reviewed this document, and the changes are minor. It looks like a solid solution for these devices.

I believe "N" is an appropriate value since that indicates the value "either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases" -- this document clearly describes why, despite having IETF consensus, it falls into the latter two buckets.

However, it does seem clear that this document modifies restrictions in RFC8446(bis). While it defines new codepoints with differing behavior for the SignatureScheme enum and thus isn't changing the definition of those codepoints, it is modifying the requirement in CertificateVerify handling that `RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".`
