Martin Thomson wrote:
> On 21 October 2015 at 12:56, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>> Each peer MUST try to send a chain that matches an advertised
>> signature algorithm if it has a choice of chains, but otherwise
>> MUST send whatever it has.
>
> Do, or do not. There is no try.
>
> It's not like any of this is ambiguous in any way.

This is NOT about digitally_signed, which the server newly creates himself, and therefore has a choice.

Very few servers, if any, can (or will) create their own server certificate and chain certificates above on the fly during a TLS handshake. Instead, servers will have to choose their server certificate & chain from whatever the server admin has previously configured.

So similar to TLS extension SNI, the server can only use the signature algorithms for guidance finding the best possible match for the client's conveyed preferences.

Ultimately, it is up to the client to decide whether to accept and trust the server's certificate chain anyway. Even for a certificate chain with matching algorithms, the client may decide to abort because it doesn't trust the issuer of the server's certificate.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
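
The selection behaviour discussed in this thread, written out as an added Python example (not code from any poster or from a TLS implementation): the server picks among pre-configured chains using the client's signature_algorithms list as guidance and otherwise sends what it has. The chain names, the algorithm labels and the scoring rule (rank a chain by its least-preferred signature, break ties by configuration order) are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Chain:
    name: str        # hypothetical label for a chain the admin configured
    sig_algs: tuple  # algorithm of each certificate signature the client must verify


# Constructed sample configuration, in the admin's order of preference.
CONFIGURED = (
    Chain("rsa-sha1-legacy", ("rsa_sha1", "rsa_sha1")),
    Chain("rsa-sha256", ("rsa_sha256", "rsa_sha256")),
    Chain("ecdsa-sha256", ("ecdsa_sha256", "rsa_sha256")),
)


def select_chain(configured, advertised):
    """Return (chain, fully_matched) for one handshake.

    configured: chains available to the server; none are created on the fly.
    advertised: the client's signature_algorithms, most preferred first
                (an empty list means the extension was absent).
    """
    if not configured:
        raise ValueError("no certificate chain configured")
    rank = {alg: i for i, alg in enumerate(advertised)}
    best, best_key = None, None
    for pos, chain in enumerate(configured):
        # A chain matches only if every signature in it was advertised.
        if all(alg in rank for alg in chain.sig_algs):
            # Assumed policy: score by the least-preferred algorithm used,
            # then by the admin's configuration order.
            worst = max((rank[a] for a in chain.sig_algs), default=-1)
            key = (worst, pos)
            if best_key is None or key < best_key:
                best, best_key = chain, key
    if best is not None:
        return best, True
    # Nothing matches: send what is configured; whether to accept and
    # trust the chain remains the client's decision.
    return configured[0], False
```
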