IETF Logo Mail Archive

[TLS] Mohamed Boucadair's Discuss on draft-ietf-tls-tls13-pkcs1-06: (with DISCUSS and COMMENT)

Mohamed Boucadair via Datatracker <noreply@ietf.org> Mon, 17 November 2025 09:01 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from [10.244.8.105] (unknown [4.156.85.76]) by mail2.ietf.org (Postfix) with ESMTP id 321BB8AD352D; Mon, 17 Nov 2025 01:01:47 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Mohamed Boucadair via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 12.54.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <176337010705.746218.8450704875232198278@dt-datatracker-5bd94c585b-wk4l4>
Date: Mon, 17 Nov 2025 01:01:47 -0800
Message-ID-Hash: EEZYOKIFFLYCO4773BR47XVR6NIK2PV5
X-Message-ID-Hash: EEZYOKIFFLYCO4773BR47XVR6NIK2PV5
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-tls-tls13-pkcs1@ietf.org, tls-chairs@ietf.org, tls@ietf.org
X-Mailman-Version: 3.3.9rc6
Reply-To: Mohamed Boucadair <mohamed.boucadair@orange.com>
Subject: [TLS] Mohamed Boucadair's Discuss on draft-ietf-tls-tls13-pkcs1-06: (with DISCUSS and COMMENT)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/10KB6SxrHhHfwcI7on_SOTja8lE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

Mohamed Boucadair has entered the following ballot position for
draft-ietf-tls-tls13-pkcs1-06: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-pkcs1/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Hi David and Andrei,

Thank you for the effort put into this specification.

Updated the ballot [1] to take into account the feedback received so far
(including off-list clarification from Paul; Thanks).

The only pending point is:

# Update RFC8446/RFC8446bis

The provisions in this draft relax what used to be disallowed in 8446/8446bis.
This reads like an update.

Specifically, this part from RFC8446bis:

and

   In addition, the signature algorithm MUST be compatible with the key
   in the sender's end-entity certificate.  RSA signatures MUST use an
   RSASSA-PSS algorithm, regardless of whether RSASSA-PKCS1-v1_5
   algorithms appear in "signature_algorithms".


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# FIPS 186-4

## Please add a reference

## s/with FIPS 186-4/with US FIPS 186-4

# TLS Registries

CURRENT:
   IANA is requested to create the following entries in the TLS
   SignatureScheme registry, defined in [RFC8446].

Isn’t draft-ietf-tls-rfc8447bis authoritative here for registry matters? I
would replace the 8446 citation with draft-ietf-tls-rfc8447bis.

Cheers,
Med

[1] https://mailarchive.ietf.org/arch/msg/tls/dimNOvXqeIaYflBK7s51J43p80U/

v2.35.0 | Report a Bug | By Email | System Status