Hi folks,

I've just uploaded this PR to slightly tweak SignatureScheme numbering:

In principle, we should only have needed to burn values starting with known
HashAlgorithms, but TLS 1.2 said:

      This field indicates the signature algorithm that may be used.
      The values indicate anonymous signatures, RSASSA-PKCS1-v1_5
      [PKCS1] and DSA [DSS], and ECDSA [ECDSA], respectively.  The
      "anonymous" value is meaningless in this context but used in
      Section 7.4.3.  It MUST NOT appear in this extension.

We'd started RSA-PSS along the train to get shipped in Chrome to get early
warning on any interoperability issues. We ran into an implementation which
enforced this MUST NOT. It's a MUST NOT in 1.2, so it seems prudent to
allocate around it and avoid ending in known SignatureAlgorithms. Thus,
rather than only burning {0x00-0x06, *}, we also burn {*, 0x00-0x03}. This
has the added benefit that TLS 1.2 dissector tools don't get confused.

(I'm not sure how to express it in the enum syntax or IANA registry, so I
left it a TODO in the PR.)

TLS mailing list

Reply via email to