On Fri, Jan 15, 2016 at 8:23 PM Eric Rescorla <e...@rtfm.com> wrote: > On Fri, Jan 15, 2016 at 5:19 PM, David Benjamin <david...@chromium.org> > wrote: > >> On Fri, Jan 15, 2016 at 8:07 PM Dave Garrett <davemgarr...@gmail.com> >> wrote: >> >>> On Friday, January 15, 2016 03:45:34 pm David Benjamin wrote: >>> > This is a proposal for revising SignatureAlgorithm/HashAlgorithm. In >>> TLS >>> > 1.2, signature algorithms are spread across the handshake. >>> [...] >>> > I propose we fold the negotiable parameters under one name. >>> [...] >>> > 2. Remove HashAlgorithm, SignatureAlgorithm, SignatureAndHashAlgorithm >>> as >>> > they are. Introduce a new SignatureAlgorithm u16 type and negotiate >>> that >>> > instead. >>> >>> I previously proposed this here: >>> https://www.ietf.org/mail-archive/web/tls/current/msg18035.html >>> >>> ekr was against it, though it hasn't been discussed that throughly. >>> https://www.ietf.org/mail-archive/web/tls/current/msg18036.html >> >> >> Ah, thanks! I must have missed this discussion. Or perhaps I saw it and >> forgot. >> >> ekr, are you still against this sort of thing? I think the new CFRG >> signature algorithms tying decisions together is a good argument for why >> we'd want this. If we believe this trend is to continue (and I hope it >> does. Ed25519 is a nice and simple interface), trying to decompose it all >> seems poor. >> > > I'm not sure. I agree that the CFRG thing seems to be a new development. > I'll > try to confirm my previous opinion or develop a new one over the weekend :) >
ekr, did you have confirmed or new thoughts on this change? >From elsewhere in the thread, I put together a draft PR if you wanted something to look at in that form. https://github.com/tlswg/tls13-spec/pull/404 It incorporated some of the suggestions in the thread (not mentioning the really legacy values, pairing NIST curves with hashes, etc.), but that's not the important part. The meat of the proposal is unifying signature algorithms under one number and a shared interface, which I think is a valuable simplification. David
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
