In retrospect what we should have done is specified tls-server-end-point-<hash>
and left it as a problem for apps to negotiate one of these if ever they should have to. Perhaps we should do for now is something like update RFC 5929 and the registraion of tls-server-end-point to list the digest alg to use for existing signature algs for which TSEP is working today, then say to use SHAKE256 for all others. And perhaps we should specify tls-server-end-point-SHAKE256 as well while we're at it. Nico -- _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
