Hello Bas, Yes it does. Very much so. Thank you.
I read through the pull and Alicja’s comments. I agree that Signature Scheme cannot be used in TLS versions below TLS 1.3; however, the text does say “A peer that receives ServerKeyExchange or CertificateVerify message in a TLS 1.2…” My suggested text was just to clarify that for these message types in TLS 1.2 (or below) combined with the use of any of these schemes would require the illegal_parameter abort for a compliant TLS 1.3 implementation if received. ServerKeyExchange was dropped in TLS 1.3 but was present in TLS 1.2 and below, and CertificateVerify is obviously present in TLS 1.2 and TLS 1.3.

I think you’ve covered both my comments and Alicja’s by leaving one TLS 1.2 and below, and leaving one as just TLS 1.2. This satisfies the general case by saying that they must not be used in TLS 1.2 or below, but acknowledging the deprecation of TLS 1.1 and below by explicitly giving guidance for messages received from a TLS 1.2 implementation that may incidentally send these schemes in their messages.

Thank you very much,
Ryan Appel
TLS mailing list -- tls@ietf.org