On Thu, Sep 22, 2016 at 2:33 AM, Hannes Tschofenig <
> Hi all,
> I need a clarification regarding the use of the signature algorithms.
> Reading Section 4.2.3. "Signature Algorithms" I got the impression that
> there is a new extension being defined called
> which replaces the previous 'signature_algorithm' extension.
> The difference between the 'signature_algorithm' extension in RFC 5246 and
> the newly defined 'supported_signature_algorithms' extension is that the
> new extension only contains the digital signature algorithm and not the
> hash function anymore.
> If that's indeed the intention I would prefer if the text uses the
> 'supported_signature_algorithms' rather than 'signature_algorithms'.
> (as it is done in Section 4.4.2. "Certificate Verify"). Unfortunately the
> term 'signature_algorithms' is used in many other places in the document
> itself, including the IANA consideration section that makes a reference to
> RFC 5246.
> Is it correct that the 'supported_signature_algorithms' extension
> replaces the 'signature_algorithm' extension from RFC 5246?
Yes and no :)
We've redefined the structure to be "signature and hash and curve in one
code point" but we're just
retconning the existing values and extension code point.
> TLS mailing list
TLS mailing list