Viktor Dukhovni <ietf-d...@dukhovni.org> writes:

> On Thu, Oct 22, 2015 at 08:42:51AM +0100, Rob Stradling wrote:
>
> > IINM this also changes the fallback for servers that choose to include a
> > PKIX trust anchor certificate in the Server Certificate message.
>
> The signatures of trust-anchor (i.e. self-signed) certificates MUST
> NOT be constrained by this proposal, even if the WG otherwise
> chooses to step outside the proper scope of TLS into PKIX chain
> validation.

I believe nothing is constrained by this proposal in the form you're thinking. That is, it's only if you have two versions of the root, one with a requested algorithm and one without, that this proposal comes into play. At least, I think that's the intent. It might help to clarify this in the proposal.

It should be noted that the situation can become quite complicated; for example, it's possible that there might be one chain which uses only SHA-2 which chains to one newer root, and another chain which uses mostly SHA-1 and chains to a different older root.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls