Viktor Dukhovni <ietf-d...@dukhovni.org> writes:

> So I'd like to see the text in the first paragraph changed to a SHOULD or
> worst-case a qualified "MUST whenever possible".

Why is that whole thing even there in the first place? From the previous discussions where this came up, the pretty much universal consensus was that people were ignoring the requirement because it served no obvious purpose but broke interoperability. Unless you're a server operator that chooses to buy a whole bunch of $995 certs, one per algorithm, from a CA that allows you to choose which algorithm gets used for signing, the whole thing is completely inapplicable. You send whatever cert chain the CA gave you to the client, and it's up to them to decide whether they want to accept or reject.

What would be lost by simply removing that entire block of text, since it's being ignored by implementers anyway? The solution is to remove it, not to fiddle with it until it becomes a no-op that matches what everyone is doing anyway.

(This seems to be getting like PKIX where a mistake is never actually corrected, just watered down again and again over successive iterations of a spec until it's finally quietly dropped when no-one is looking).

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls