Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2

2016-07-12 Thread Ilari Liusvaara
On Tue, Jul 12, 2016 at 07:53:41PM +, David Benjamin wrote:
> On Tue, Jul 12, 2016 at 3:29 PM Ilari Liusvaara wrote:
>
> Right, there is a risk of interop failures if two implementations disagree
> on whether the algorithms exist in 1.2. Since getting these

Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2

2016-07-12 Thread Ilari Liusvaara
On Tue, Jul 12, 2016 at 10:29:29PM +0300, Ilari Liusvaara wrote:
> By the time CertificateRequest is sent, the server knows the final
> protocol, so it can omit algorithms it knows it can't handle. Also,
> the client picks the actual algorithm, so it too can avoid algorithms
> it can't handle. So

Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2

2016-07-12 Thread David Benjamin
On Tue, Jul 12, 2016 at 3:29 PM Ilari Liusvaara wrote:
> On Tue, Jul 12, 2016 at 05:47:26PM +, David Benjamin wrote:
> > [Changing subject since the other thread is about something else.]
> >
> > I believe, as the text stands right now, RSA-PSS and EdDSA do *not*

Re: [TLS] TLS 1.3 signature algorithms in TLS 1.2

2016-07-12 Thread David Benjamin
On Tue, Jul 12, 2016 at 1:47 PM David Benjamin wrote:
> [Changing subject since the other thread is about something else.]
>
> On Tue, Jul 12, 2016 at 12:16 AM Ilari Liusvaara wrote:
>
>> > ### Signature Algorithms
>> >
>> > * In TLS 1.2, the

[TLS] TLS 1.3 signature algorithms in TLS 1.2

2016-07-12 Thread David Benjamin
[Changing subject since the other thread is about something else.]

On Tue, Jul 12, 2016 at 12:16 AM Ilari Liusvaara wrote:
> > ### Signature Algorithms
> >
> > * In TLS 1.2, the extension contained hash/signature pairs. The pairs are
> > encoded in two octets, so