On Thu, Jan 18, 2018 at 3:29 AM, Matt Caswell <m...@openssl.org> wrote:

> The specification of the new signature_algorithms_cert seems somewhat
> lacking to me. There is very little description about how it should be
> interpreted. About the best I can get from the spec is this:
>
>    The "signature_algorithms_cert" extension applies to signatures in
>    certificates and the "signature_algorithms" extension, which
>    originally appeared in TLS 1.2, applies to signatures in
>    CertificateVerify messages.
>
> But in section 4.4.2.2 we see this:
>
>    All certificates provided by the server MUST be signed by a signature
>    algorithm that appears in the "signature_algorithms" extension
>    provided by the client, if they are able to provide such a chain (see
>    Section 4.2.3).  Certificates that are self-signed or certificates
>    that are expected to be trust anchors are not validated as part of
>    the chain and therefore MAY be signed with any algorithm.
>
>
> Is this an oversight? Should this reference "signature_algorithms_cert"
> as well/instead?
>

Yes, it's an oversight that it didn't get added here.


> Some questions:
>
> - Is "signature_algorithms_cert" mandatory to implement for servers? It
> does not appear in 9.2 so I am assuming not. There is some text in 4.2.3
>  which says what to do if "signature_algorithms_cert" is not present -
> which seems to confirm that it is not mandatory for clients at least.
>

Both sides need to implement it for the purposes of filtering the
certificates they send. Neither side need send it if it has a consistent
policy for CertVerify and chain validation.


> - Are we allowed to ignore "signature_algorithms_cert" if we can't build
> a chain and honour its contents?
>

Same rules as signature_algorithms.

I have filed https://github.com/tlswg/tls13-spec/pull/1142 to clarify these
points.

-Ekr



>
> Matt
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
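
The filtering discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL's or the specification's code: a sender picks a chain using "signature_algorithms" for CertificateVerify and "signature_algorithms_cert" (falling back to "signature_algorithms" when it is absent) for signatures inside the chain. The `Cert` type, `select_chain` and the sample chain are hypothetical names and constructed data; the fallback branch assumes the RFC 8446 section 4.4.2.2 behaviour of sending a chain of the sender's choice when none satisfies the list.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    name: str
    signed_with: str            # scheme of the signature on this certificate
    key_schemes: tuple = ()     # schemes this cert's key can sign with (leaf only)
    trust_anchor: bool = False  # self-signed / expected trust anchor

def chain_sig_ok(chain, cert_algs):
    """Every non-anchor certificate must carry a signature the peer listed."""
    return all(c.trust_anchor or c.signed_with in cert_algs for c in chain)

def select_chain(chains, sig_algs, sig_algs_cert=None):
    """Return (chain, cv_scheme, honoured) for the peer's advertised lists.

    chains: candidate chains, leaf first, in local preference order.
    """
    # Absent signature_algorithms_cert, signature_algorithms covers both roles.
    cert_algs = sig_algs if sig_algs_cert is None else sig_algs_cert
    usable = []
    for chain in chains:
        # CertificateVerify is always governed by signature_algorithms.
        cv = next((s for s in sig_algs if s in chain[0].key_schemes), None)
        if cv is not None:
            usable.append((chain, cv))
    for chain, cv in usable:
        if chain_sig_ok(chain, cert_algs):
            return chain, cv, True
    # No chain satisfies the list (assumed fallback, see lead-in): send a
    # chain of our choice and let the peer decide.
    if usable:
        chain, cv = usable[0]
        return chain, cv, False
    return None, None, False  # no key can produce an acceptable CertificateVerify

# Constructed sample data (not from the thread).
ROOT = Cert("root", "rsa_pkcs1_sha1", trust_anchor=True)
RSA_CHAIN = [
    Cert("leaf-rsa", "rsa_pkcs1_sha256", key_schemes=("rsa_pss_rsae_sha256",)),
    Cert("intermediate", "rsa_pkcs1_sha256"),
    ROOT,
]
SIG_ALGS = ["ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256"]
SIG_ALGS_CERT = SIG_ALGS + ["rsa_pkcs1_sha256"]

if __name__ == "__main__":
    for cert_list in (None, SIG_ALGS_CERT):
        chain, cv, honoured = select_chain([RSA_CHAIN], SIG_ALGS, cert_list)
        print(cert_list is not None, cv, honoured)
```

With only "signature_algorithms" present, the sample RSA chain is still sent but does not satisfy the peer's list; adding "signature_algorithms_cert" with `rsa_pkcs1_sha256` lets the same chain be honoured while CertificateVerify stays on RSA-PSS.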