On Tue, Dec 5, 2017 at 12:24 PM, Eric Rescorla <e...@rtfm.com> wrote: > - A separate extension that refers only to the cert chain > - Two sets of RSA code points, one for PSS and one for PKCS#1.
To be clear, this is two sets of RSA-PSS code points, one for PSS SPKI and one for PKCS#1 SPKI. That's awful, but I agree that it is necessary. I like the overlap with signature_algorithms and signature_algorithms_cert, because it makes the simple design possible without making the horrible intermediate steps possible. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls