On Wednesday, July 22, 2015 10:30:24 am Kyle Rose wrote: > How about removing the RSA/ECDSA from the cipher suite, and making the > SigAlgs extension mandatory for connections requiring authentication? > That halves the number of cipher suites and eliminates an unnecessary > redundancy, while keeping the rest of the cipher suite negotiation > logic intact.
This is already a part of the current a la carte proposal that's been under discussion. recent summary of changes: https://www.ietf.org/mail-archive/web/tls/current/msg17156.html current WIP text: https://github.com/davegarrett/tls13-spec/blob/alacarte/draft-ietf-tls-tls13.md#cipher-suites diff from PR #201: https://github.com/davegarrett/tls13-spec/compare/alertsandcerts...davegarrett:alacarte Both the supported groups and signature algorithms extensions are mandatory in this proposal, and they are the sole methods to select key exchange and certificates, with the ECDHE_ECDSA prefix being essentially frozen for certificate authenticated cipher suites. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
