On Tue, Jul 12, 2016 at 4:17 PM Ilari Liusvaara
wrote:
> On Tue, Jul 12, 2016 at 07:53:41PM +, David Benjamin wrote:
> > On Tue, Jul 12, 2016 at 3:29 PM Ilari Liusvaara <
> ilariliusva...@welho.com>
> > wrote:
> >
> > Right, there is a risk of interop failures if two implementations
> disagre
On Tue, Jul 12, 2016 at 07:53:41PM +, David Benjamin wrote:
> On Tue, Jul 12, 2016 at 3:29 PM Ilari Liusvaara
> wrote:
>
> Right, there is a risk of interop failures if two implementations disagree
> on whether the algorithms exist in 1.2. Since getting these algorithms into
> 1.2 is not that
On Tue, Jul 12, 2016 at 10:29:29PM +0300, Ilari Liusvaara wrote:
> By the time CertificateRequest is sent, the server knows the final
> protocol, so it can omit algorithms it knows it can't handle. Also,
> the client picks the actual algorithm, so it too can avoid algorithms
> it can't handle. So
On Tue, Jul 12, 2016 at 3:29 PM Ilari Liusvaara
wrote:
> On Tue, Jul 12, 2016 at 05:47:26PM +, David Benjamin wrote:
> > [Changing subject since the other thread is about something else.]
> >
> > I believe, as the text stands right now, RSA-PSS and EdDSA do *not* exist
> > in 1.2 because we'r
On Tue, Jul 12, 2016 at 05:47:26PM +, David Benjamin wrote:
> [Changing subject since the other thread is about something else.]
>
> I believe, as the text stands right now, RSA-PSS and EdDSA do *not* exist
> in 1.2 because we're not touching the 1.2 registries. But this should be
> clarified
On Tue, Jul 12, 2016 at 1:47 PM David Benjamin
wrote:
> [Changing subject since the other thread is about something else.]
>
> On Tue, Jul 12, 2016 at 12:16 AM Ilari Liusvaara
> wrote:
>
>> > ### Signature Algorithms
>> >
>> > * In TLS 1.2, the extension contained hash/signature pairs. The pair
