[cabfpub] RSA-PSS in TLS 1.3

Adriano Santoni adriano.santoni at staff.aruba.it
Tue Jun 11 08:16:02 UTC 2019

Does anybody know of a public server using an SSL certificate signed with 


On 01/03/2016 21:49, Peter Bowen wrote:
> Rick,
> One clarification related specifically to CA/Browser Forum:
> I do not see anything in the BRs that requires or forbids RSASSA-PSS.  Is there anything that prevents public CAs from issuing certificates with RSASSA-PSS (e.g., RFC 4055/5756) signatures?
> Thanks,
> Peter
>> On Mar 1, 2016, at 12:12 PM, Rick Andrews <rick_andrews at symantec.com> wrote:
>> I'm cross-posting in case others want to participate in this discussion on
>> the IETF TLS Working Group. They're having a debate on whether TLS 1.3
>> should allow or require RSA-PSS signatures on TLS certificates.
>> It would be better to have the debate there instead of here, but I will
>> cross-post if anyone has a burning need to share but not join the WG.
>> -Rick
>> ----------------------------------------------------------------------
>> Message: 1
>> Date: Tue, 1 Mar 2016 21:20:39 +0200
>> From: Yoav Nir <ynir.ietf at gmail.com>
>> To: Alyssa Rowan <akr at akr.io>
>> Cc: tls at ietf.org
>> Subject: Re: [TLS] RSA-PSS in TLS 1.3
>> Message-ID: <BBA8149E-114A-49D3-8159-A87ADB545482 at gmail.com>
>> Content-Type: text/plain; charset=utf-8
>> On 1 Mar 2016, at 8:23 PM, Alyssa Rowan <akr at akr.io> wrote:
>>>> [YN] It would be cool to ban PKCS#1.5 from certificates, but we are
>>>> not the PKIX working group. Nor are we the CA/Browser forum.
>>>> When a CA issues a certificate it has to work with every client and
>>>> server out there. When we use TLS 1.3, the other side supports TLS
>>>> 1.3 as well, so it's fair to assume that it knows PSS.
>>> Perhaps the PKIX working group and CAB/Forum could both use a friendly
>>> reminder not to ignore how perilous using RSA PKCS#1 v1.5 still remains?
>> Neither you nor I can post in any of the CA/Browser forum's lists, because
>> neither of us has either a browser or a public CA.
>> There are some people who are active there and are reading this list, so
>> they might take such a proposal there. I'm not very optimistic, though.
>> While only CAs and browsers are members, they are keenly aware that even the
>> public CAs have a wide variety of relying parties, running all sorts of
>> software. And it's much harder to scan clients than it is to scan servers,
>> so it's difficult to say how many clients will not be able to connect to a
>> server with a certificate signed with RSA-PSS. Probably far too many for the
>> CA/BF to be comfortable deprecating PKCS#1.
>> The PKIX working group shut down several years ago. The Curdle WG is a
>> new working group whose charter includes deprecating obsolete stuff. Perhaps
>> they might be interested.
>> Yoav
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public