> On Mar 23, 2017, at 9:00 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
> See several previous discussions on the rationale behind
> this (hmm, if you can find them :-).

See, for example, the thread that contains:

https://www.ietf.org/mail-archive/web/tls/current/msg17977.html

I chose that message because it was easy to find. This particular topic has been a bit of a focus of mine on this list, so searching for my posts with a few of the related keywords pretty quickly turns up messages on this topic.

Given that TLS is opportunistic in SMTP, I strive to find ways to achieve as much security as one can get and not end up with less by dogmatically insisting on more than is possible. Hence RFC 7435, and more recently the dose of pragmatism that made it possible to convince the group to avoid repeating the error in the TLS 1.3 spec.

The net effect is that in practice you simply ignore the signature algorithms when it comes to the certificate chain. I've never seen a TLS server that has multiple chains to choose from for the same server identity. This applies also to TLS 1.2, despite RFC 5246.

--
Viktor.