Hi folks,
I've just uploaded this PR to slightly tweak SignatureScheme numbering:
https://github.com/tlswg/tls13-spec/pull/641
In principle, we should only have needed to burn values starting with known
HashAlgorithms, but TLS 1.2 said:
signature
This field indicates the signature algorithm that may be used.
The values indicate anonymous signatures, RSASSA-PKCS1-v1_5
[PKCS1] and DSA [DSS], and ECDSA [ECDSA], respectively. The
"anonymous" value is meaningless in this context but used in
Section 7.4.3. It MUST NOT appear in this extension.
We'd started RSA-PSS along the train to get shipped in Chrome to get early
warning on any interoperability issues. We ran into an implementation which
enforced this MUST NOT. It's a MUST NOT in 1.2, so it seems prudent to
allocate around it and avoid ending in known SignatureAlgorithms. Thus,
rather than only burning {0x00-0x06, *}, we also burn {*, 0x00-0x03}. This
has the added benefit that TLS 1.2 dissector tools don't get confused.
(I'm not sure how to express it in the enum syntax or IANA registry, so I
left it a TODO in the PR.)
David
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
