Thanks for the comments Ben.

> We mentioned adding a NUL byte separator in the signature on the
> DelegatedCredential

Yup this is something we noticed during the hackathon interop that would definitely be helpful in an implementation and we should change it to have that. What we realized when we implemented it was that we ended up representing a delegated credential in code as a type of cert with a similar interface for verification and it would be useful to reuse the same verification code for TLS 1.3.

> Do we want to leave the valid SignatureSchemes as all that are defined, or
> mention the Recommended column in the registry, or narrow things even
> further? In other words, should we give some guidance for how to select a
> scheme to use?

It's restricted to the ones that are supported by the client in TLS 1.3. I don't see TLS recommending signature algorithms to use beyond section 4.2.3 that "rsa_pkcs1_sha1, dsa_sha1, and ecdsa_sha1 SHOULD NOT be offered.". What kind of a recommendation would you like to see? Would love a pull request at https://github.com/ekr/tls-subcerts/pulls to get a general idea of what you would like to see.

Subodh

________________________________
From: TLS <tls-boun...@ietf.org> on behalf of Kaduk, Ben <bka...@akamai.com>
Sent: Tuesday, March 28, 2017 7:12:58 PM
To: tls@ietf.org
Subject: [TLS] review comments on draft-rescorla-tls-subcerts-01

Getting these in email before my printout with red markings gets buried in a pile.

We mentioned adding a NUL byte separator in the signature on the DelegatedCredential (as well as some other potential tweaks to normalize the context strings elsewhere and here).

Do we want to leave the valid SignatureSchemes as all that are defined, or mention the Recommended column in the registry, or narrow things even further? In other words, should we give some guidance for how to select a scheme to use?
-Ben
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
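
The separator discussed in this thread, as an added example that is not part of the original messages or of the draft: TLS 1.3 CertificateVerify signs 64 octets of 0x20, a context string, a single zero byte, then the content, and the sketch below shows how that zero byte keeps two signature contexts apart when one framing routine serves both. `DC_CONTEXT`, the short `ctx` strings and all function names are hypothetical placeholders, not values from the draft.

```python
# Added illustration; not code from draft-rescorla-tls-subcerts or any TLS stack.
PAD = b"\x20" * 64  # TLS 1.3 CertificateVerify prefix: 64 octets of 0x20

TLS13_SERVER_CONTEXT = b"TLS 1.3, server CertificateVerify"  # TLS 1.3 context string
DC_CONTEXT = b"EXAMPLE delegated credential context"  # placeholder, not from the draft


def framed_input(context: bytes, content: bytes) -> bytes:
    """TLS 1.3 style signature input: pad || context || 0x00 || content."""
    if b"\x00" in context:
        raise ValueError("context string must not contain NUL")
    return PAD + context + b"\x00" + content


def unframed_input(context: bytes, content: bytes) -> bytes:
    """Same input with the separator left out, for comparison only."""
    return PAD + context + content


def split_framed(data: bytes) -> tuple:
    """Recover (context, content): the first NUL after the pad ends the context."""
    if not data.startswith(PAD):
        raise ValueError("missing 64-octet pad")
    context, sep, content = data[len(PAD):].partition(b"\x00")
    if not sep:
        raise ValueError("missing NUL separator")
    return context, content


def collides_without_separator() -> bool:
    # Constructed inputs: one context string is a prefix of the other.
    a = unframed_input(b"ctx", b"-long" + b"payload")
    b = unframed_input(b"ctx-long", b"payload")
    return a == b  # identical bytes, so one signature would cover both meanings


def collides_with_separator() -> bool:
    a = framed_input(b"ctx", b"-long" + b"payload")
    b = framed_input(b"ctx-long", b"payload")
    return a == b  # the NUL lands at different offsets, so the bytes differ


if __name__ == "__main__":
    print("collision without NUL:", collides_without_separator())
    print("collision with NUL:   ", collides_with_separator())
    print(split_framed(framed_input(DC_CONTEXT, b"\x01\x02")))
```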