Re: [IPsec] Take a stand for key hygine

Hi Watson, the problem is not that the host cannot deduce from received AUTH payload what kind of signature was used – the AUTH payload includes AlgorithmIdentifier, so these signatures are treated differently. The problem is that host cannot guess what kind of signatures the peer supports, that

Re: [IPsec] Take a stand for key hygine

Hi Yoav, or the servers must be provided with two certificates – one for TLS 1.2 and the other for TLS 1.3, that won’t make server owners happy. I think it is a good idea to raise this issue in TLS WG. Regards, Valery. From: Yoav Nir Sent: 19 ноября 2016 г. 7:21 To: Tero Kivinen Cc:

Re: [IPsec] Take a stand for key hygine

> On 18 Nov 2016, at 5:38, Tero Kivinen wrote: > > Watson Ladd writes: >> I might be confused, but the slides in >> https://www.ietf.org/proceedings/97/slides/slides-97-ipsecme-signature-forms-ambiguity-in-ikev2-00.pdf >> seem to very clearly want something else. Apologies for