On Thu, Sep 22, 2016 at 2:33 AM, Hannes Tschofenig < [email protected]> wrote:
> Hi all, > > I need a clarification regarding the use of the signature algorithms. > > Reading Section 4.2.3. "Signature Algorithms" I got the impression that > there is a new extension being defined called > 'supported_signature_algorithms', > which replaces the previous 'signature_algorithm' extension. > > The difference between the 'signature_algorithm' extension in RFC 5246 and > the newly defined 'supported_signature_algorithms' extension is that the > new extension only contains the digital signature algorithm and not the > hash function anymore. > > If that's indeed the intention I would prefer if the text uses the > 'supported_signature_algorithms' rather than 'signature_algorithms'. > (as it is done in Section 4.4.2. "Certificate Verify"). Unfortunately the > term 'signature_algorithms' is used in many other places in the document > itself, including the IANA consideration section that makes a reference to > RFC 5246. > > Is it correct that the 'supported_signature_algorithms' extension > replaces the 'signature_algorithm' extension from RFC 5246? > Yes and no :) We've redefined the structure to be "signature and hash and curve in one code point" but we're just retconning the existing values and extension code point. -Ekr > Ciao > Hannes > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
