> On May 22, 2017, at 1:27 PM, Benjamin Kaduk <bka...@akamai.com> wrote: > >> Isn't the language in question tackling a non-problem? > > It probably is, but I don't feel a need to spend a lot of my time pushing > for it to be removed.
Well, the reason for this sub-thread is that I just to waste a bunch of cycles to avoid new code in OpenSSL that would implement the spec as written and needlessly break applications that don't care about PKIX certificates. A nameless team member suggested casually that such applications can just disable TLS 1.3... And yet TLS 1.3 brings desirable improvements, and should not have needless restrictions on the supported use cases. Therefore, the language should go, or needs to be amended to make it clear that TLS does not prohibit (mandate connection abort, ...) the appearance of any certificate signature algorithms in the certificate message. Advice to not trust such algorithms for authentication is unnecessary, but acceptable. -- Viktor. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls