On Tue, Jul 12, 2016 at 07:53:41PM +, David Benjamin wrote:
> On Tue, Jul 12, 2016 at 3:29 PM Ilari Liusvaara
> wrote:
>
> Right, there is a risk of interop failures if two implementations disagree
> on whether the algorithms exist in 1.2. Since getting these
On Tue, Jul 12, 2016 at 10:29:29PM +0300, Ilari Liusvaara wrote:
> By the time CertificateRequest is sent, the server knows the final
> protocol, so it can omit algorithms it knows it can't handle. Also,
> the client picks the actual algorithm, so it too can avoid algorithms
> it can't handle. So
On Tue, Jul 12, 2016 at 3:29 PM Ilari Liusvaara
wrote:
> On Tue, Jul 12, 2016 at 05:47:26PM +, David Benjamin wrote:
> > [Changing subject since the other thread is about something else.]
> >
> > I believe, as the text stands right now, RSA-PSS and EdDSA do *not*
On Tue, Jul 12, 2016 at 1:47 PM David Benjamin
wrote:
> [Changing subject since the other thread is about something else.]
>
> On Tue, Jul 12, 2016 at 12:16 AM Ilari Liusvaara
> wrote:
>
>> > ### Signature Algorithms
>> >
>> > * In TLS 1.2, the
[Changing subject since the other thread is about something else.]
On Tue, Jul 12, 2016 at 12:16 AM Ilari Liusvaara
wrote:
> > ### Signature Algorithms
> >
> > * In TLS 1.2, the extension contained hash/signature pairs. The pairs are
> > encoded in two octets, so