> This does not work when new algorithms are introduced, since you can't
> advertise algorithms you don't know exist.

When old algorithms are deprecated and new algorithms replace them in actual deployments (a very slow process), an opportunistic client would need to be updated, just like a normal server-authenticating client does. Except for the opportunistic client this update would be rather trivial.
Alternatively, can an opportunistic client explicitly negotiate anonymous connections?

-----Original Message-----
From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Viktor Dukhovni
Sent: Monday, July 13, 2015 3:08 PM
To: tls@ietf.org
Subject: Re: [TLS] Deprecate SHA1 for signatures in TLS 1.3 (was Re: TLS 1.3 draft-07 sneak peek)

On Mon, Jul 13, 2015 at 07:45:30PM +0000, Andrei Popov wrote:

> Would it make sense for an opportunistic client to advertise all
> algorithms commonly supported in the server certs? After all, there
> are relatively few signature/hash pairs in use, and they are changing
> very slowly over time.

This does not work when new algorithms are introduced, since you can't advertise algorithms you don't know exist.

--
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls