Ah, nice catch! That's unfortunate.... do we need to mark the document as updating 8446 with an update to just disregard that sentence?
(The sentence was, in hindsight, slightly silly. It was otherwise already implied by the text in Section 4.2.3. The RSASSA-PKCS1-v1_5 algorithms *already* aren't defined for use with CertificateVerify. It just gets in the way of defining new RSA algorithms later, like now. Ah well.) On Tue, Oct 21, 2025 at 5:08 PM Mike Bishop via Datatracker < [email protected]> wrote: > Mike Bishop has entered the following ballot position for > draft-ietf-tls-tls13-pkcs1-06: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-pkcs1/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I've previously reviewed this document, and the changes are minor. It looks > like a solid solution for these devices. I believe "N" is an appropriate > value > since that indicates the value "either has not been through the IETF > consensus > process, has limited applicability, or is intended only for specific use > cases" > -- this document clearly describes why, despite having IETF consensus, it > falls > into the latter two buckets. > > However, it does seem clear that this document modifies restrictions in > RFC8446(bis). While it defines new codepoints with differing behavior for > the > SignatureScheme enum and thus isn't changing the definition of those > codepoints, it is modifying the requirement in CertificateVerify handling > that > `RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether > RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms".` > > > >
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
