On Monday, October 17, 2016 02:10:30 pm Ilari Liusvaara wrote:
> > %%% Authentication Messages
>
> > If sent by a server, the signature algorithm MUST be one offered in the
> > client's "signature_algorithms" extension unless no valid certificate chain
> > can be
> > produced without unsupported algorithms (see {{signature-algorithms}}).
>
> This is seemingly about server signatures. In that context, an
> unknown algorithm has absolutely no chance of working.
This came up in a discussion a while back and we decided to allow unsupported
algorithms as a last-ditch fall-back. Opportunistic encryption might not care
and there are systems that may trust certs as a whole, not caring about the
signatures. The end result is that the client should be tasked with making the
decision to accept or reject, not the server. Also can be helpful for debugging.
Dave
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
