On Thu, Oct 22, 2015 at 08:42:51AM +0100, Rob Stradling wrote:

> IINM this also changes the fallback for servers that choose to include a
> PKIX trust anchor certificate in the Server Certificate message.

The signatures of trust-anchor (i.e. self-signed) certificates MUST NOT be constrained by this proposal, even if the WG otherwise chooses to step outside the proper scope of TLS into PKIX chain validation. Please note that the self-signature of the CAcert.org 4096-bit root CA is MD5.

> Why would it make sense to prohibit the sending of PKIX trust anchor
> certificates that have sha1WithRSAEncryption signatures?

It makes no sense to restrict the signatures of trust-anchors. It makes little sense to restrict the signatures of certificates servers can send to clients to be evaluated per the client's policy.

--
Viktor.