Hi Watson,
the problem is not that the host cannot deduce from the received AUTH payload
what kind of signature was used – the AUTH payload includes AlgorithmIdentifier,
so these signatures are treated differently. The problem is that the host cannot
guess what kind of signatures the peer supports, that
Hi Yoav,
or the servers must be provided with two certificates – one for TLS 1.2
and the other for TLS 1.3, that won’t make server owners happy.
I think it is a good idea to raise this issue in TLS WG.
Regards,
Valery.
From: Yoav Nir
Sent: 19 November 2016, 7:21
To: Tero Kivinen
Cc:
> On 18 Nov 2016, at 5:38, Tero Kivinen wrote:
>
> Watson Ladd writes:
>> I might be confused, but the slides in
>> https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-signature-forms-ambiguity-in-ikev2-00.pdf
>> seem to very clearly want something else. Apologies for