On Wed, Oct 16, 2019, 4:13 PM Martin Thomson <m...@lowentropy.net> wrote:

> On Tue, Oct 15, 2019, at 17:13, Nick Sullivan wrote:
> > One may note that no matter what the choice is with respect to RSA,
> > this particular wrinkle also applies more broadly. For example, if a
> > client advertises support for ed25519 in "signature_algorithms" in
> > order to support ed25519 delegated credentials, it should also be
> > prepared to receive an ed25519 certificate.
>
> Good point.  But I'm not sure that I'm happy with that property.


In TLS 1.3 it seems to have been assumed this wouldn't happen and we could
split signature algorithms from signature algorithms cert.

If that's not actually the case it affects more than just DCs. DCs are a
good way to restore extensibility if there is a problem here, provided we
can come up with a solution.

>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>