On Tue, Jan 12, 2016 at 4:13 PM, Fabrice Gautier <fabrice.gaut...@gmail.com> wrote:
> > > With TLS 1.2, where the server does send a supported_signature_algorithms > > list, clients that use signatures other than those listed should > > expect to run into servers that reject this with a fatal alert. > > The server's TLS stack (not its X.509 chain verification code) has > > to check the signature in the client's "Certifice Verify" message. > > Which does raise another interesting question when certificate_types > and supported_signature_algorithms conflicts. It's the intersection: https://tools.ietf.org/html/rfc5246#section-7.4.4 - Any certificates provided by the client MUST be signed using a hash/signature algorithm pair found in supported_signature_algorithms. - The end-entity certificate provided by the client MUST contain a key that is compatible with certificate_types. If the key is a signature key, it MUST be usable with some hash/signature algorithm pair in supported_signature_algorithms. However, it's confusing, and so we removed certificate_types in 1.3. -Ekr > > > The server's list of CA's on the other hand is largely a hint, and > > clients often just ignore it entirely. If the server can verify > > the certificate, it generally does not matter whether the CA was > > listed in the certificate request message or not. For many servers > > client certificates are optional anyway, or they verify them without > > reference to any particular PKI. > > > > -- > > Viktor. > > > > _______________________________________________ > > TLS mailing list > > TLS@ietf.org > > https://www.ietf.org/mailman/listinfo/tls > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
