On Thu, Sep 22, 2016 at 2:33 AM, Hannes Tschofenig <
hannes.tschofe...@gmx.net> wrote:

> Hi all,
>
> I need a clarification regarding the use of the signature algorithms.
>
> Reading Section 4.2.3. "Signature Algorithms" I got the impression that
> there is a new extension being defined called 
> 'supported_signature_algorithms',
> which replaces the previous 'signature_algorithm' extension.
>
> The difference between the 'signature_algorithm' extension in RFC 5246 and
> the newly defined 'supported_signature_algorithms' extension is that the
> new extension only contains the digital signature algorithm and not the
> hash function anymore.
>

> If that's indeed the intention I would prefer if the text uses the
> 'supported_signature_algorithms' rather than 'signature_algorithms'.
> (as it is done in Section 4.4.2. "Certificate Verify"). Unfortunately the
> term 'signature_algorithms' is used in many other places in the document
> itself, including the IANA consideration section that makes a reference to
> RFC 5246.
>
> Is it correct that the 'supported_signature_algorithms' extension
> replaces the 'signature_algorithm' extension from RFC 5246?
>

Yes and no :)

We've redefined the structure to be "signature and hash and curve in one
code point" but we're just
retconning the existing values and extension code point.

-Ekr


> Ciao
> Hannes
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to