On Thursday, November 05, 2015 04:38:34 pm Viktor Dukhovni wrote: > I'd like it to say: > > * The signature algorithms of self-signed certificates are > not subject to any constraints on either the supplicant or > the verifier. They are not required to match the supported > signature algorithms of the peer, are not required to avoid > deprecated algorithms, and their self-signatures SHOULD NOT > be checked.
Why "SHOULD NOT be checked"? I don't think it needs to say anything about checking self-signatures here, one way or another. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
