Hello, Though implementation of certificate compression, I felt that RFC 8879 is ambiguous on how to calculate transcript hash.
RFC 8446 defines the content for Certificate Verify as follow: Transcript-Hash(Handshake Context, Certificate) This is natural reuse of transcript hash. So, AFAIK, "tlsfuzzer" and facebook.com use the following as the content: Transcript-Hash(Handshake Context, CompressedCertificate) But RFC 8879 says: After decompression, the Certificate message MUST be processed as if it were encoded without being compressed. I think the following original interpretation is possible for the content: Transcript-Hash(Handshake Context, Certificate) Clarification would be helpful. --Kazu _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
