No, it does not. The way to do that presently would be to have combined algoithms.
-Ekr On Wed, Jul 5, 2017 at 8:20 AM, Philip Lafrance <[email protected] > wrote: > Hello all, > > > I am not certain whether the issue of multiple signature algorithms has > previously come up in the TLS 1.3 discussion and was wondering if this is > something we need to consider. > > > > As many of you know, updating roots of trust to support quantum-resistant > algorithms in various devices may be a fairly urgent issue. Fortunately, > we can use hash-based algorithms for that soon. Hash-base algorithms can > even be used in end-entity certificates for code signing. > > > > Now, I am wondering if we will ever have a situation where we will need to > support certificate chains in TLS where CA certificates use hash-based > algorithms and end-entity certificates use some new stateless signature > algorithm. If that is the case, we will need to support multiple digital > signatures in one certificate chain. > > > > Does TLS 1.3 currently permit negotiating multiple signature algorithms? > Admittedly I don’t quite have the current draft memorized, but a cursory > reading of v21 seems to suggest that it does not allow for multiple > algorithms; simply that the client sends an ordered list of preferred > algorithms and the server selects one of them. If not, then does anyone > think it is worthwhile to add this functionality to TLS 1.3? > > > Thanks in advance, > > Philip Lafrance > > _______________________________________________ > TLS mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/tls > >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
