Hi, here is another PR: https://github.com/tlswg/tls13-spec/pull/838
The client should be required to verify the CertificateVerify message. In addition I prefer to specify the alert type in case the verification fails (also for the Finished). Thanks, Jens _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
