Thank you for your explanation, Eric!


From: Eric Rescorla []
Sent: Monday, September 19, 2016 7:13 PM
To: Xiaoyin Liu <>
Subject: Re: [TLS] Should TLS 1.3 servers send "signature_algorithms" extensions

On Mon, Sep 19, 2016 at 3:56 PM, Xiaoyin Liu 
<<>> wrote:

There seems to be a conflict in the TLS 1.3 spec on whether servers should send 
“signature_algorithms” extension or not. In section 4.2.2 Signature 
Algorithms<>, it says:
Servers which are authenticating via a certificate MUST indicate so by sending 
the client an empty “signature_algorithms” extension.

But in section 8.2 MTI 
Extensions<>, it says:
Servers MUST NOT send the “signature_algorithms” extension

So should a server send am empty “signature_algorithms” extension or not in 

Section 8.2 is a bug in the spec. Servers need to send sig_algs if they are 

David Benjamin has suggested an alternative encoding which I may put in a 
future draft, but for -15, you need to send it.


Thank you!

TLS mailing list<>

TLS mailing list

Reply via email to