On Tue, Sep 20, 2016 at 03:07:51PM +0000, David Benjamin wrote: > Hi folks, > > I've just uploaded this PR to slightly tweak SignatureScheme numbering: > https://github.com/tlswg/tls13-spec/pull/641 > > In principle, we should only have needed to burn values starting with known > HashAlgorithms, but TLS 1.2 said: > > signature > This field indicates the signature algorithm that may be used. > The values indicate anonymous signatures, RSASSA-PKCS1-v1_5 > [PKCS1] and DSA [DSS], and ECDSA [ECDSA], respectively. The > "anonymous" value is meaningless in this context but used in > Section 7.4.3. It MUST NOT appear in this extension. > > We'd started RSA-PSS along the train to get shipped in Chrome to get early > warning on any interoperability issues. We ran into an implementation which > enforced this MUST NOT. It's a MUST NOT in 1.2, so it seems prudent to > allocate around it and avoid ending in known SignatureAlgorithms. Thus, > rather than only burning {0x00-0x06, *}, we also burn {*, 0x00-0x03}. This > has the added benefit that TLS 1.2 dissector tools don't get confused.
Heck, I think one could put the RSA-PSS ones as 0404, 0504 and 0604, as those do have the indicated "prehashes". And one could probably also stick Ed25519/Ed448 in 00xx, as those have no prehash, which is exactly what "hash #0" is about. (Of course, this all is pretty pointless bikeshedding). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls