On Tue, Nov 22, 2016 at 11:07 AM, Olivier Levillain <olivier.levill...@ssi.gouv.fr> wrote:

> Hi list,
>
> I am sorry for the very late answer concerning draft 18, but we
> (ANSSI) have several remarks after proof-reading the current
> specification.
>
> We are sorry for the multiple long messages.
>
> If the WG is interested by some of our concerns/proposals, we would be
> glad to propose some PRs.
>
>
> = Signature in certificates =
>
> The two paragraphs in 4.4.1.2 P.56 starting with "All certificates"
> are very far from clear. They require (MUST) some behaviour, which is
> later reformulated with an unless part. I am not sure of the intent
> here, but we believe the current text should be rewritten to clearly
> express the intent of the WG.
>

We did try to make this clear, but maybe we failed.

> My comprehension is that the server MUST use only signature schemes
> described in signature_algorithms, except for the following cases:
> - for checking the signature in self-signed or trust anchors (since
>   this check is useless, the trust coming from an out-of-band
>   mechanism in this case)
> - when the only available chains use signature scheme are not known
>   to be supported by the client
> - the case of SHA-1 is special
>

Yes, this seems accurate. If you would like to provide a PR that you think
makes this clearer, that would be appreciated.

-Ekr

> The same confusion can be found in 4.4.2 P.59 ("If sent by a
> server...")
>
>
> Olivier Levillain
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
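
The reading of 4.4.1.2 agreed on in this thread, written out as server-side chain selection. This is an added example, not part of the original messages or of the draft: the Cert type, the function names, the sample chains and the fallback ranking are assumptions, and the SHA-1 special case is not modelled because the thread does not spell it out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    sig_scheme: str            # scheme the issuer used to sign this certificate
    self_signed: bool = False  # self-signed certificate or trust anchor

def unsupported_certs(chain, client_sig_algs):
    """Certificates signed with a scheme the client did not advertise.

    Self-signed certificates and trust anchors are skipped: trust in them
    comes from an out-of-band mechanism, not from their signature."""
    return [c for c in chain
            if not c.self_signed and c.sig_scheme not in client_sig_algs]

def select_chain(chains, client_sig_algs):
    """Return (chain, compliant) for the client's signature_algorithms."""
    if not chains:
        raise ValueError("no certificate chain configured")
    for chain in chains:
        if not unsupported_certs(chain, client_sig_algs):
            return chain, True
    # No chain is fully covered: the server may still send one. Ranking by
    # fewest unsupported signatures is an assumption of this example.
    best = min(chains, key=lambda ch: len(unsupported_certs(ch, client_sig_algs)))
    return best, False

# Constructed sample chains (leaf first); subjects are illustrative only.
RSA_CHAIN = [
    Cert("leaf-rsa", "rsa_pkcs1_sha256"),
    Cert("intermediate-rsa", "rsa_pkcs1_sha256"),
    Cert("root-rsa", "rsa_pkcs1_sha512", self_signed=True),
]
ECDSA_CHAIN = [
    Cert("leaf-ecdsa", "ecdsa_secp256r1_sha256"),
    Cert("intermediate-ecdsa", "ecdsa_secp384r1_sha384"),
    Cert("root-ecdsa", "ecdsa_secp384r1_sha384", self_signed=True),
]

if __name__ == "__main__":
    for algs in ({"rsa_pkcs1_sha256"}, {"ecdsa_secp256r1_sha256"}):
        chain, ok = select_chain([RSA_CHAIN, ECDSA_CHAIN], algs)
        print(sorted(algs), "->", chain[0].subject, "compliant" if ok else "fallback")
```

A fallback result (compliant is False) is worth logging on the server, since the client may abort the handshake when it cannot validate the chain.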