Hi Watson,
the problem is not that the host cannot deduce from the received AUTH payload
what kind of signature was used – the AUTH payload includes AlgorithmIdentifier,
so these signatures are treated differently. The problem is that the host cannot
guess what kind of signatures the peer supports, that c
Hi Yoav,
or the servers must be provided with two certificates – one for TLS 1.2
and the other for TLS 1.3, that won’t make server owners happy.
I think it is a good idea to raise this issue in TLS WG.
Regards,
Valery.
From: Yoav Nir
Sent: 19 November 2016, 7:21
To: Tero Kivinen
Cc: ipsec@iet
> On 18 Nov 2016, at 5:38, Tero Kivinen wrote:
>
> Watson Ladd writes:
>> I might be confused, but the slides in
>> https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-signature-forms-ambiguity-in-ikev2-00.pdf
>> seem to very clearly want something else. Apologies for my
>> insufficient