2b. encrypted extensions over ServerHello If we make this like signature_algorithms, then I think that I prefer option 1. I don't like that signature_algorithms is built that way, I think that it's repulsive, but there are some advantages to doing it that way, especially if we accept the fact that the client can authenticate multiple times, so I'm willing to live with that.
On 21 October 2015 at 16:56, Eric Rescorla <e...@rtfm.com> wrote: > https://github.com/tlswg/tls13-spec/issues/292 > > Presently, RFC 4492 only specifies the EC points it can support in > ServerHello, but does not let the server indicate which EC curves it > supports. Unless I'm missing something, this means that there's > no way for the server to indicate what groups it would support. > > That seems less than ideal. There seem like three options here: > > 1. Put it in CertificateRequest > 2. Send it in ServerHello > 3. Do nothing. > > Thoughts? > -Ekr > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
