On Mon, Sep 19, 2016 at 3:56 PM, Xiaoyin Liu <xiaoyi...@outlook.com> wrote:

> Hello,
>
>
>
> There seems to be a conflict in the TLS 1.3 spec on whether servers should
> send “signature_algorithms” extension or not. In section 4.2.2 Signature
> Algorithms <https://tlswg.github.io/tls13-spec/#signature-algorithms>, it
> says:
>
> Servers which are authenticating via a certificate MUST indicate so by
> sending the client an empty “signature_algorithms” extension.
>
>
>
> But in section 8.2 MTI Extensions
> <https://tlswg.github.io/tls13-spec/#mti-extensions>, it says:
>
> Servers MUST NOT send the “signature_algorithms” extension
>
>
>
> So should a server send am empty “signature_algorithms” extension or not
> in ServerHello?
>

Section 8.2 is a bug in the spec. Servers need to send sig_algs if they are
signing.

David Benjamin has suggested an alternative encoding which I may put in a
future draft, but for -15, you need to send it.

-Ekr


>
> Thank you!
>
> Xiaoyin
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to