On Fri, Jul 24, 2015 at 05:01:37AM +0000, Andrei Popov wrote: > > > - The certificate_types field in CertificateRequest is pretty much > > useless, since all supported algorithms are of signature type. > If the signature_algorithms extension officially becomes MTI, then > perhaps we can discus getting rid of certificate_types in the > CertificateRequest. Except we may want to use this field when we > introduce new certificate types (e.g. something like IEEE1609 certs).
Don't confuse signature_algorithms extension and supported_signature_algorithms field of CertificateRequest. Those two carry similar tasks in opposite directions, except that ssa is REQUIRED with signature certs. There are seemingly no defaults for SSA, so it has to be non-empty for signature certs to work at all. And all present types of TLS 1.3 key exchange can only use signature certs. As for IEEE1609 certs, those are negotiated via certificate format negotiation, which is entierely separate mechanism (described in RFC 7250), not involving CertificateRequest message at all. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
