On Fri, Oct 14, 2016 at 05:15:48PM +0200, Hubert Kario wrote:
> On Friday, 14 October 2016 14:34:49 CEST Kazuho Oku wrote:
> > Considering that, to me it seems preferable if the draft stated that
> > both PKCS1 and SHA1 are obsoleted, and are allowed to be only used in
> > certificates. Or is
On Friday, 14 October 2016 14:34:49 CEST Kazuho Oku wrote:
> Considering that, to me it seems preferable if the draft stated that
> both PKCS1 and SHA1 are obsoleted, and are allowed to be only used in
> certificates. Or is there any need to handle PKCS1 and SHA1
> differently in protocol
Sorry for the fuss, I think I was confused.
Now my interpretation of the draft is as follows.
A server is expected to send a Certificate message that contains
certificates using the signature algorithms specified by the client,
with preference and exception rules defined in section 4.2.3.
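The interpretation above (client lists SignatureScheme values in preference order; the server picks one of them for CertificateVerify, while PKCS#1 v1.5 and SHA-1 schemes may only appear in certificates) can be modelled in a few lines. The following is an added example, not code from the thread or from any TLS implementation; it assumes the SignatureScheme code points as finally assigned in RFC 8446 section 4.2.3 and a simplified notion of the server's key type (`rsa`, `ecdsa_p256`, `ed25519`, ...) that is not part of the draft text:

```python
# Added example: TLS 1.3 signature-scheme selection for CertificateVerify
# versus acceptance of a certificate chain. Code points are from RFC 8446
# section 4.2.3 (assumption: the same values as the draft under discussion).
from typing import List, Optional

SIGNATURE_SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384",
    0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519",
    0x0808: "ed448",
}


def parse_signature_algorithms(ext_body: bytes) -> List[int]:
    """Parse the body of a signature_algorithms extension:
    a uint16 length followed by that many bytes of 2-byte SignatureScheme
    values, in the client's order of preference."""
    if len(ext_body) < 2:
        raise ValueError("truncated signature_algorithms extension")
    length = int.from_bytes(ext_body[:2], "big")
    if length % 2 or 2 + length != len(ext_body):
        raise ValueError("bad signature_algorithms length")
    return [int.from_bytes(ext_body[2 + i:4 + i], "big")
            for i in range(0, length, 2)]


def handshake_capable(scheme: int) -> bool:
    """PKCS#1 v1.5 and SHA-1 schemes may appear in certificates but are not
    defined for signed handshake messages such as CertificateVerify."""
    name = SIGNATURE_SCHEMES.get(scheme)
    if name is None:
        return False  # unknown or reserved value: never sign with it
    return not (name.startswith("rsa_pkcs1_") or name.endswith("_sha1"))


def key_type_of(scheme: int) -> Optional[str]:
    """Simplified key type a scheme needs (assumed model, not from the draft)."""
    name = SIGNATURE_SCHEMES.get(scheme)
    if name is None:
        return None
    if name.startswith("rsa_"):
        return "rsa"
    if name.startswith("ecdsa_secp256r1"):
        return "ecdsa_p256"
    if name.startswith("ecdsa_secp384r1"):
        return "ecdsa_p384"
    if name.startswith("ecdsa_secp521r1"):
        return "ecdsa_p521"
    if name == "ecdsa_sha1":
        return "ecdsa_any"  # legacy: curve not encoded in the scheme
    return name  # ed25519, ed448


def select_certificate_verify_scheme(client_schemes: List[int],
                                     server_key_type: str) -> Optional[int]:
    """Walk the client's list in its preference order and return the first
    scheme the server can use to sign CertificateVerify, or None if the
    handshake cannot continue with this key."""
    for scheme in client_schemes:
        if handshake_capable(scheme) and key_type_of(scheme) == server_key_type:
            return scheme
    return None


def chain_matches_client(client_schemes: List[int],
                         chain_signature_schemes: List[int]) -> bool:
    """True if every signature in the chain uses a scheme the client listed.
    PKCS#1 v1.5 and SHA-1 are acceptable here: they are allowed in
    certificates. A server whose chain fails this check may still send a
    chain of its choice and let the client decide."""
    offered = set(client_schemes)
    return all(s in offered for s in chain_signature_schemes)


if __name__ == "__main__":
    # Constructed ClientHello extension body: rsa_pkcs1_sha1, rsa_pkcs1_sha256,
    # rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256.
    body = bytes.fromhex("0008" "0201" "0401" "0804" "0403")
    offered = parse_signature_algorithms(body)
    chosen = select_certificate_verify_scheme(offered, "rsa")
    print("CertificateVerify scheme:", SIGNATURE_SCHEMES[chosen])
    print("chain ok:", chain_matches_client(offered, [0x0401, 0x0201]))
```

With an RSA key the server skips `rsa_pkcs1_sha1` and `rsa_pkcs1_sha256` even though the client listed them first and signs CertificateVerify with `rsa_pss_rsae_sha256`, whereas a chain whose certificates are signed with those PKCS#1 schemes still passes the certificate check.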
Hi,
In TLS 1.3, my understanding is that the digest function negotiated
using the Signature Algorithm should be used for generating
CertificateVerify, since the draft states that:
| Each SignatureScheme value lists a single signature algorithm that
| the client is willing to verify.
| (section