On Fri, Jul 06, 2018 at 01:11:34AM +0000, Patton,Christopher J wrote: > The string over which the delegation signature is computed contains > the `SubjectPublicKeyInfo` of the DC public key. This in turn > contains an `AlgorithmIdentifier`. Does an X.509 `AlgorithmIdentifier` > determine a unique TLS `SignatureScheme`?
Unfortunately not. While the ECDSA and EdDSA keys indeed only have one valid SignatureScheme, RSA keys have three (the difference being using SHA-256 vs. SHA-384 vs. SHA-512). This holds for both genric RSA keys and RSA-PSS keys (and the signatureschemes are different for those two). Also, relying on this even for ECDSA keys might not be a good idea, as if another hash ever gets added, then there could be mulitple SignatureSchemes even for ECDSA keys. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
