On Wed, Jul 05, 2017 at 11:20:01AM -0400, Philip Lafrance wrote:
> Now, I am wondering if we will ever have a situation where we will need to
> support certificate chains in TLS where CA certificates use hash-based
> algorithms and end-entity certificates use some new stateless signature
> algorithm. If that is the case, we will need to support multiple digital
> signatures in one certificate chain.

You can already mix-and-match algorithms across the chain (by the spec in
TLS 1.2 and 1.3, and in practice in earlier versions).

However, to use an algorithm for signing key exchange, you need:

- TLS SignatureScheme value for it.
- PKIX SPKI key OID for it.

And to use an algorithm for certificate signing:

- PKIX SPKI key OID for it.
- PKIX signature OID for it.
- Preferably TLS SignatureScheme value for it.

(The last is not an absolute requirement, but doing without is an interop
hazard.)

-Ilari
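Added example, not part of the original message: the two requirement lists above applied to a mixed-algorithm chain like the one in the quoted question. The RSA and Ed25519 OIDs and SignatureScheme code points are the registered values; the hash-based and "new stateless" entries, their placeholder OIDs, and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Alg:
    name: str
    spki_oid: Optional[str]    # PKIX SubjectPublicKeyInfo key OID
    sig_oid: Optional[str]     # PKIX signature algorithm OID
    tls_scheme: Optional[int]  # TLS SignatureScheme code point


# Registered values (rsaEncryption / sha256WithRSAEncryption, id-Ed25519).
RSA = Alg("rsa_pkcs1_sha256", "1.2.840.113549.1.1.1",
          "1.2.840.113549.1.1.11", 0x0401)
ED25519 = Alg("ed25519", "1.3.101.112", "1.3.101.112", 0x0807)
# Constructed entries: PKIX OIDs assigned (placeholders) but no TLS code point,
# and an algorithm with no registrations at all.
HASH_BASED = Alg("hash-based (constructed)", "OID-PLACEHOLDER-KEY",
                 "OID-PLACEHOLDER-SIG", None)
UNREGISTERED = Alg("new stateless (constructed)", None, None, None)


def key_exchange_usable(alg: Alg) -> bool:
    """Signing key exchange needs both a SignatureScheme and an SPKI key OID."""
    return alg.tls_scheme is not None and alg.spki_oid is not None


def cert_signing_status(alg: Alg) -> str:
    """Certificate signing needs both PKIX OIDs; a SignatureScheme is preferred."""
    if alg.spki_oid is None or alg.sig_oid is None:
        return "unusable"
    return "ok" if alg.tls_scheme is not None else "interop-hazard"


def check_chain(chain):
    """chain: leaf-first list of (subject, key_alg, alg_that_signed_this_cert)."""
    report = []
    for index, (subject, key_alg, signed_with) in enumerate(chain):
        entry = {"subject": subject,
                 "cert_signature": cert_signing_status(signed_with)}
        if index == 0:  # only the end-entity key signs the key exchange
            entry["key_exchange"] = ("ok" if key_exchange_usable(key_alg)
                                     else "unusable")
        report.append(entry)
    return report


# Constructed chain: Ed25519 leaf under a CA that signs with the hash-based entry.
SAMPLE_CHAIN = [("leaf", ED25519, HASH_BASED),
                ("intermediate", HASH_BASED, HASH_BASED)]

if __name__ == "__main__":
    for row in check_chain(SAMPLE_CHAIN):
        print(row)
```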
