> On 20 Oct 2015, at 10:42 AM, Yoav Nir <ynir.i...@gmail.com> wrote: > > >> - In public key validation, X448 resists invalid point attacks >> the same way as X25519 (of course, all bits of X448 public >> keys can be nonzero, as the value can get to almost 256^56). >> - The document still does have restrictions on algorithms used >> to sign the certificate. AFAIK, TLS 1.2 (RFC5246) lifted all >> such restrictions (at least sections 2.2, 5.3 and 5.6). > > Weird. I had intended to do that. I will create a pull request for this.
https://github.com/tlswg/rfc4492bis/pull/10/files Yoav _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls