Thanks for noticing that, Tobias.  I've opened an erratum, but am still waiting 
for the RFC editor's email confirming it.  I'll pass that along when that comes 
through.

(This is the result of a bug in NSS, so in case you are interested: 
https://bugzilla.mozilla.org/show_bug.cgi?id=1549225)

On Sat, May 4, 2019, at 01:35, Tobias Reiher wrote:
> Hi,
> 
> the example handshake traces for TLS 1.3 (RFC8448) seem not to fully
> comply with the TLS 1.3 standard (RFC8446).
> 
> RFC8446 in 4.2.3. says that an implementation must not offer deprecated
> algorithms in the signature algorithms extension:
> 
> "In TLS 1.2, the extension contained hash/signature pairs.  The
> pairs are encoded in two octets, so SignatureScheme values have
> been allocated to align with TLS 1.2's encoding.  Some legacy
> pairs are left unallocated.  These algorithms are deprecated as of
> TLS 1.3.  They MUST NOT be offered or negotiated by any
> implementation.  In particular, MD5 [SLOTH], SHA-224, and DSA
> MUST NOT be used."
> 
> RFC8448 shows in 3. an example with a ClientHello message containing a
> signature algorithms extension with the deprecated algorithms 0x0402,
> 0x0502, 0x0602, and 0x0202, which all refer to the DSA algorithm, which
> must not be used with TLS 1.3.
> 
> Best regards,
> 
> Tobias Reiher
> 
> -- 
> Componolit GmbH · Königsbrücker Straße 124 · 01099 Dresden · Germany
> Amtsgericht Dresden · HRB 36670 · Sitz Dresden
> Geschäftsführer: Alexander Senier · USt-IdNr. (EU VATIN): DE312113634
> 
> http://componolit.com · @Componolit
> 
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
>
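The check Tobias describes above can be automated: parse the `signature_algorithms` extension body of a ClientHello and flag every SignatureScheme value that RFC 8446 section 4.2.3 says MUST NOT be offered (DSA, MD5 or SHA-224 in the legacy TLS 1.2 hash/signature encoding). The script below is an added example, not part of the original thread or of NSS. The extension bytes it runs on are constructed for the example (they are not the RFC 8448 trace) and contain the four DSA values named in the report alongside valid schemes; the function names are the example's own.

```python
"""Flag SignatureScheme values in a TLS 1.3 signature_algorithms extension
that RFC 8446 section 4.2.3 says MUST NOT be offered or negotiated."""
import struct
from typing import List, Tuple

# SignatureScheme values allocated by RFC 8446 section 4.2.3.  The two
# SHA-1 legacy values are listed there for certificate signatures only,
# so they are kept here to avoid misreporting them as unknown.
TLS13_SCHEMES = {
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384", 0x0601: "rsa_pkcs1_sha512",
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512",
    0x0804: "rsa_pss_rsae_sha256", 0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080a: "rsa_pss_pss_sha384", 0x080b: "rsa_pss_pss_sha512",
    0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
}

# Legacy TLS 1.2 encoding (RFC 5246): high octet is the HashAlgorithm
# (1 md5, 2 sha1, 3 sha224, 4 sha256, 5 sha384, 6 sha512), low octet is
# the SignatureAlgorithm (1 rsa, 2 dsa, 3 ecdsa).
HASH_MD5, HASH_SHA224, SIG_DSA = 0x01, 0x03, 0x02


def classify_scheme(value: int) -> str:
    """Return 'ok', 'deprecated:<reason>' or 'unknown' for one scheme value."""
    if value in TLS13_SCHEMES:
        return "ok"
    hash_id, sig_id = value >> 8, value & 0xFF
    if sig_id == SIG_DSA:
        return "deprecated:dsa"
    if hash_id == HASH_MD5:
        return "deprecated:md5"
    if hash_id == HASH_SHA224:
        return "deprecated:sha224"
    return "unknown"


def parse_signature_algorithms(ext_data: bytes) -> List[int]:
    """Parse extension_data of signature_algorithms: a 2-octet list length
    followed by 2-octet SignatureScheme values (RFC 8446 section 4.2.3)."""
    if len(ext_data) < 2:
        raise ValueError("extension_data too short for list length")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    # The list must fill the extension exactly and hold whole 2-octet values.
    if list_len == 0 or list_len % 2 or list_len != len(body):
        raise ValueError("malformed signature_algorithms extension")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(0, list_len, 2)]


def find_deprecated(ext_data: bytes) -> List[Tuple[int, str]]:
    """Return (value, reason) for every offered scheme that violates 4.2.3."""
    found = []
    for value in parse_signature_algorithms(ext_data):
        verdict = classify_scheme(value)
        if verdict.startswith("deprecated"):
            found.append((value, verdict))
    return found


# Constructed sample extension_data (NOT the RFC 8448 bytes): list length 14,
# then ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256 and the
# four DSA values 0x0402, 0x0502, 0x0602, 0x0202 named in the report.
SAMPLE_EXTENSION_DATA = bytes.fromhex("000e" "0403" "0804" "0401" "0402" "0502" "0602" "0202")

if __name__ == "__main__":
    for value, reason in find_deprecated(SAMPLE_EXTENSION_DATA):
        print(f"0x{value:04x} offered but {reason}")
```

Running the script on the constructed sample reports the four DSA values and nothing else; pointing `find_deprecated` at the `signature_algorithms` bytes of any captured ClientHello gives the same verdict for real traces.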
