Thank you for your explanation, Eric! Xiaoyin
From: Eric Rescorla [mailto:[email protected]] Sent: Monday, September 19, 2016 7:13 PM To: Xiaoyin Liu <[email protected]> Cc: [email protected] Subject: Re: [TLS] Should TLS 1.3 servers send "signature_algorithms" extensions On Mon, Sep 19, 2016 at 3:56 PM, Xiaoyin Liu <[email protected]<mailto:[email protected]>> wrote: Hello, There seems to be a conflict in the TLS 1.3 spec on whether servers should send “signature_algorithms” extension or not. In section 4.2.2 Signature Algorithms<https://tlswg.github.io/tls13-spec/#signature-algorithms>, it says: Servers which are authenticating via a certificate MUST indicate so by sending the client an empty “signature_algorithms” extension. But in section 8.2 MTI Extensions<https://tlswg.github.io/tls13-spec/#mti-extensions>, it says: Servers MUST NOT send the “signature_algorithms” extension So should a server send am empty “signature_algorithms” extension or not in ServerHello? Section 8.2 is a bug in the spec. Servers need to send sig_algs if they are signing. David Benjamin has suggested an alternative encoding which I may put in a future draft, but for -15, you need to send it. -Ekr Thank you! Xiaoyin _______________________________________________ TLS mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
