Hi list,

I am sorry for the very late answer concerning draft 18, but we
(ANSSI) have several remarks after proof-reading the current
specification.

We are sorry for the multiple long messages.

If the WG is interested in some of our concerns/proposals, we would be
glad to propose some PRs.


= Signature in certificates =

The two paragraphs in 4.4.1.2 P.56 starting with "All certificates"
are very far from clear.  They require (MUST) some behaviour, which is
later reformulated with an unless part.  I am not sure of the intent
here, but we believe the current text should be rewritten to clearly
express the intent of the WG.

My comprehension is that the server MUST use only signature schemes
described in signature_algorithms, except for the following cases:
 - for checking the signature in self-signed or trust anchors (since
   this check is useless, the trust coming from an out-of-band
   mechanism in this case)
 - when the only available chains use signature schemes that are not
   known to be supported by the client
 - the case of SHA-1 is special

The same confusion can be found in 4.4.2 P.59 ("If sent by a
server...")


Olivier Levillain
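The rule as the message reads it, as an added example (not code from the message, the TLS WG or any TLS implementation): a toy model of the server's chain choice and the client's check. The chain layout (trust anchor last), the scheme names and the SHA-1 handling (a fallback chain may carry SHA-1 signatures only when the client listed a SHA-1 scheme) are this example's assumptions.

```python
# Added example: toy model of the signature_algorithms rule as read above.
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_scheme: str  # SignatureScheme used by the issuer to sign this cert

# Assumption: the SHA-1 scheme names relevant to the "special case".
SHA1_SCHEMES = {"rsa_pkcs1_sha1", "ecdsa_sha1"}

def checked_certs(chain: list[Cert]) -> list[Cert]:
    """Certificates whose signature the client actually verifies.
    Exception 1 of the message: self-signed certificates and the expected
    trust anchor (assumed here to be the last certificate of the chain)
    are not validated as part of the chain, so their scheme is ignored."""
    return [c for c in chain[:-1] if c.subject != c.issuer]

def chain_matches(chain: list[Cert], client_sig_algs: Iterable[str]) -> bool:
    """True when every verified signature uses a client-listed scheme."""
    allowed = set(client_sig_algs)
    return all(c.sig_scheme in allowed for c in checked_certs(chain))

def select_chain(candidates: list[list[Cert]],
                 client_sig_algs: Iterable[str]) -> Optional[list[Cert]]:
    """Server side: prefer a chain signed only with client-listed schemes.
    Exception 2: if no candidate qualifies, fall back to a chain of the
    server's choice.  Exception 3 (assumption on the SHA-1 special case):
    the fallback may carry SHA-1 signatures only if the client listed one."""
    allowed = set(client_sig_algs)
    for chain in candidates:
        if chain_matches(chain, allowed):
            return chain
    sha1_permitted = bool(allowed & SHA1_SCHEMES)
    for chain in candidates:
        uses_sha1 = any(c.sig_scheme in SHA1_SCHEMES for c in checked_certs(chain))
        if sha1_permitted or not uses_sha1:
            return chain
    return None

# Constructed sample data: a modern chain and a legacy chain, same root.
ROOT = Cert("Root CA", "Root CA", "rsa_pkcs1_sha1")
MODERN = [Cert("srv", "Sub CA", "ecdsa_secp256r1_sha256"),
          Cert("Sub CA", "Root CA", "rsa_pss_rsae_sha256"), ROOT]
LEGACY = [Cert("srv", "Old CA", "rsa_pkcs1_sha1"),
          Cert("Old CA", "Root CA", "rsa_pkcs1_sha256"), ROOT]
```

A client-side check is `chain_matches(chain, its_own_signature_algorithms)`; when it fails, the client decides whether to accept the fallback or abort, which is the second point of ambiguity the message raises.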

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls