Remove requirement to use PSS, consistent with suggestion from DavidBen#1399
ekr wants to merge 1 commit into tlswg:main from
davidben left a comment:
LGTM.
For posterity, what this does is make PSS's allowed status implicit from the semantics of the particular SignatureScheme codepoints which are active. For the codepoints defined in this document, the net effect of this PR is a no-op, because the PKCS1 algorithms are already defined as (emphasis mine):
Indicates a signature algorithm using RSASSA-PKCS1-v1_5 [RFC8017] with the corresponding hash algorithm as defined in [SHS]. These values refer solely to signatures which appear in certificates (see Section 4.4.2.2) and are not defined for use in signed TLS handshake messages, although they MAY appear in "signature_algorithms" and "signature_algorithms_cert" for backward compatibility with TLS 1.2.
However, this opens the door for other SignatureSchemes to define other semantics, notably draft-ietf-tls-tls13-pkcs1.
Note that this document is with the RPC, so this PR is going to be held pending Auth48
paulwouters left a comment:
Please note this change of behaviour in the "Relationship to RFC 8446" section as well.