On Sat, Sep 24, 2016 at 01:17:22AM +0000, Nick Sullivan wrote:
> Signature algorithm support is typically per-connection, not per
> certificate request. If you're doing multiple post-handshake
> authentications then (2) reduces the amount of redundant data sent on
> subsequent authentications. Furthermore, it opens the door for unsolicited
> post-handshake authentication in future extensions to the protocol.
>
> Clients only need to stash a copy of it if they support client
> authentication, which in my opinion should be optional. Perhaps support for
> post-handshake authentication should be signaled with an extension. That
> way the server SignatureSchemes could be carried in that extension, rather
> than overloading the "signature_algorithms" extension.

But the client requires that signature list to perform authentication.
It is not optional for the in-handshake authentication.

Also, I think the post-handshake auth is just annoying (and it comes
with security problems currently), so I would like to be able to just
not implement it.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls