Hi all,

I need a clarification regarding the use of the signature algorithms.

Reading Section 4.2.3. "Signature Algorithms" I got the impression that there is a new extension being defined called 'supported_signature_algorithms', which replaces the previous 'signature_algorithm' extension.

The difference between the 'signature_algorithm' extension in RFC 5246 and the newly defined 'supported_signature_algorithms' extension is that the new extension only contains the digital signature algorithm and not the hash function anymore.

If that's indeed the intention I would prefer if the text uses the 'supported_signature_algorithms' rather than 'signature_algorithms'. (as it is done in Section 4.4.2. "Certificate Verify"). Unfortunately the term 'signature_algorithms' is used in many other places in the document itself, including the IANA consideration section that makes a reference to RFC 5246.

Is it correct that the 'supported_signature_algorithms' extension replaces the 'signature_algorithm' extension from RFC 5246?


TLS mailing list

Reply via email to