I need a clarification regarding the use of the signature algorithms.
Reading Section 4.2.3. "Signature Algorithms" I got the impression that
there is a new extension being defined called
'supported_signature_algorithms', which replaces the previous
The difference between the 'signature_algorithm' extension in RFC 5246
and the newly defined 'supported_signature_algorithms' extension is that
the new extension only contains the digital signature algorithm and not
the hash function anymore.
If that's indeed the intention I would prefer if the text uses the
'supported_signature_algorithms' rather than 'signature_algorithms'.
(as it is done in Section 4.4.2. "Certificate Verify"). Unfortunately
the term 'signature_algorithms' is used in many other places in the
document itself, including the IANA consideration section that makes a
reference to RFC 5246.
Is it correct that the 'supported_signature_algorithms' extension
replaces the 'signature_algorithm' extension from RFC 5246?
TLS mailing list