On Jan 6, 2021, at 2:00 PM, Eric Rescorla <e...@rtfm.com> wrote: > This is not strictly correct: TLS allows both the client and the server to > advertise their supported signature algorithms, which can be used by the peer > to guide certificate selection.
Fair point. However, if the TLS client says "I support only $x and $y", that does not change how the TLS server chose the algorithm in its certificate in the past, only what to do if it happens to have multiple certificates with different algorithms, which seems rare. Ben's proposal leans way over towards everyone having to agree ahead of time. --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
