Thank you for your explanation, Eric! Xiaoyin
From: Eric Rescorla [mailto:e...@rtfm.com] Sent: Monday, September 19, 2016 7:13 PM To: Xiaoyin Liu <xiaoyi...@outlook.com> Cc: tls@ietf.org Subject: Re: [TLS] Should TLS 1.3 servers send "signature_algorithms" extensions On Mon, Sep 19, 2016 at 3:56 PM, Xiaoyin Liu <xiaoyi...@outlook.com<mailto:xiaoyi...@outlook.com>> wrote: Hello, There seems to be a conflict in the TLS 1.3 spec on whether servers should send “signature_algorithms” extension or not. In section 4.2.2 Signature Algorithms<https://tlswg.github.io/tls13-spec/#signature-algorithms>, it says: Servers which are authenticating via a certificate MUST indicate so by sending the client an empty “signature_algorithms” extension. But in section 8.2 MTI Extensions<https://tlswg.github.io/tls13-spec/#mti-extensions>, it says: Servers MUST NOT send the “signature_algorithms” extension So should a server send am empty “signature_algorithms” extension or not in ServerHello? Section 8.2 is a bug in the spec. Servers need to send sig_algs if they are signing. David Benjamin has suggested an alternative encoding which I may put in a future draft, but for -15, you need to send it. -Ekr Thank you! Xiaoyin _______________________________________________ TLS mailing list TLS@ietf.org<mailto:TLS@ietf.org> https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls