On Thu, Nov 05, 2015 at 04:59:18PM -0500, Dave Garrett wrote:
> On Thursday, November 05, 2015 04:38:34 pm Viktor Dukhovni wrote:
> > I'd like it to say:
> >
> > * The signature algorithms of self-signed certificates are
> > not subject to any constraints on either the supplicant or
> > the verifier. They are not required to match the supported
> > signature algorithms of the peer, are not required to avoid
> > deprecated algorithms, and their self-signatures SHOULD NOT
> > be checked.
>
> Why "SHOULD NOT be checked"? I don't think it needs to say anything about
> checking self-signatures here, one way or another.
The verifier always has a trusted out-of-band copy of each
trust-anchor. Checking the self-signature may needlessly run into
problems when its deprecated algorithm is no longer even implemented
in the crypto library. And yet the trust-anchor is still fine.

If this is the only point on which I'm in the rough, so be it, but
as a starting position I think it makes sense to avoid needless breakage.
--
Viktor.
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
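As an added illustration of the point argued above (example code written for this page, not from the thread's authors or from any TLS stack they discuss), the Go program below builds a constructed two-certificate chain with the standard library's crypto/x509: a self-signed trust anchor whose self-signature uses SHA-1, standing in for "a deprecated algorithm", and a leaf signed by that anchor with SHA-256. It assumes Go 1.18 or later, where Verify trusts the supplied root as-is but CheckSignatureFrom refuses SHA-1 signatures; all keys, names and the `leaf.example` hostname are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// BuildPKI makes a two-certificate chain for the demonstration: a
// self-signed trust anchor whose self-signature uses SHA-1 (standing in for
// "deprecated algorithm"), and a leaf signed by that anchor with SHA-256.
// Keys and names are constructed here; nothing is read from disk.
func BuildPKI() (root, leaf *x509.Certificate, err error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()

	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Trust Anchor"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
		SignatureAlgorithm:    x509.ECDSAWithSHA1, // deprecated self-signature
	}
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	if root, err = x509.ParseCertificate(rootDER); err != nil {
		return nil, nil, err
	}

	leafTmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(2),
		Subject:            pkix.Name{CommonName: "leaf.example"},
		DNSNames:           []string{"leaf.example"},
		NotBefore:          now.Add(-time.Hour),
		NotAfter:           now.Add(24 * time.Hour),
		KeyUsage:           x509.KeyUsageDigitalSignature,
		ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		SignatureAlgorithm: x509.ECDSAWithSHA256, // the real chain link uses a current algorithm
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, nil, err
	}
	if leaf, err = x509.ParseCertificate(leafDER); err != nil {
		return nil, nil, err
	}
	return root, leaf, nil
}

// VerifyLeaf validates the leaf the way a TLS client does: the anchor is
// supplied out of band as a trusted root, so path building only checks the
// leaf's signature against the anchor's public key. The anchor's own
// self-signature is never examined.
func VerifyLeaf(leaf, root *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: "leaf.example"})
	return err
}

// CheckAnchorSelfSignature is the needless extra step the thread argues
// against: verifying the anchor's signature over itself. With a deprecated
// algorithm the library refuses, even though the anchor is still fine.
func CheckAnchorSelfSignature(root *x509.Certificate) error {
	return root.CheckSignatureFrom(root)
}

// IsInsecureAlgorithm reports whether err is the library's refusal to use a
// deprecated signature algorithm, as opposed to a signature that failed.
func IsInsecureAlgorithm(err error) bool {
	var insecure x509.InsecureAlgorithmError
	return errors.As(err, &insecure)
}

func main() {
	root, leaf, err := BuildPKI()
	if err != nil {
		panic(err)
	}
	fmt.Println("chain verification:", VerifyLeaf(leaf, root))
	err = CheckAnchorSelfSignature(root)
	fmt.Println("anchor self-signature check:", err, "| insecure algorithm:", IsInsecureAlgorithm(err))
}
```

Run as-is, the chain verifies and the only failure comes from the optional self-signature check, which is exactly the breakage the proposed text avoids: a verifier that insists on checking the anchor's self-signature rejects a perfectly good trust anchor as soon as its library drops the old algorithm.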