
List:       ietf-tls
Subject:    [TLS] RFC4492bis - Clarify sections 2.1 and 2.2 with respect to RFC 5246 7.4.2.
From:       Henrik_Grubbström <grubba () gmail ! com>
Date:       2015-01-14 16:08:47
Message-ID: CALuAYvYtmNxj444NJO8n+=eJSwph62ynyw1ZU1rUEeuHpUENQQ () mail ! gmail ! com

[https://github.com/tlswg/rfc4492bis/issues/3]

In TLS 1.2 the restrictions on what certificates are allowed in a
certificate chain were relaxed so the following text from sections 2.1
and 2.2 in the RFC4492bis draft should be clarified with respect to
TLS 1.2:

  2.1:
    In ECDHE_ECDSA, the server's certificate MUST contain an ECDSA-
    capable public key and be signed with ECDSA.

  2.2:
    The server certificate MUST be signed with RSA.

There's also similar text in section 5.3 Table 3.

-- 
Henrik Grubbström                                       grubba@grubba.org
Roxen Internet Software AB                              grubba@roxen.com
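
Added example, not part of the original message or of the draft: a small model of the server-certificate check showing how the quoted 2.1/2.2 wording differs from the TLS 1.2 rule in RFC 5246 7.4.2, where the issuer's signature only has to match a pair from the client's signature_algorithms extension. The Cert class, function names and sample certificate are hypothetical, and only the server's own certificate is modelled.

```python
from dataclasses import dataclass

# Server key type each key exchange requires (RFC 4492 sections 2.1 and 2.2).
REQUIRED_KEY = {"ECDHE_ECDSA": "ecdsa", "ECDHE_RSA": "rsa"}

# RFC 5246 section 7.4.1.4.1: pair assumed when the client sends no
# signature_algorithms extension.
DEFAULT_SIG_ALGS = {
    "ECDHE_ECDSA": [("sha1", "ecdsa")],
    "ECDHE_RSA": [("sha1", "rsa")],
}


@dataclass(frozen=True)
class Cert:
    """Hypothetical model of a server certificate (not a parsed X.509 object)."""
    key_type: str  # algorithm of the subject public key: "ecdsa" or "rsa"
    sig_hash: str  # hash used in the issuer's signature over the certificate
    sig_alg: str   # algorithm of the issuer's signature: "ecdsa" or "rsa"


def check_pre_tls12(kx, cert):
    """Draft text as quoted: kx fixes both the key type and the issuer signature."""
    want = REQUIRED_KEY[kx]
    if cert.key_type != want:
        return False, f"public key must be {want}"
    if cert.sig_alg != want:
        return False, f"certificate must be signed with {want}"
    return True, "ok"


def check_tls12(kx, cert, client_sig_algs=None):
    """RFC 5246 7.4.2: kx still fixes the key type, but the issuer signature
    only has to be a (hash, signature) pair the client offered."""
    want = REQUIRED_KEY[kx]
    if cert.key_type != want:
        return False, f"public key must be {want}"
    offered = DEFAULT_SIG_ALGS[kx] if client_sig_algs is None else client_sig_algs
    if (cert.sig_hash, cert.sig_alg) not in offered:
        return False, "issuer signature not in signature_algorithms"
    return True, "ok"


# Constructed sample: an ECDSA server key certified by an RSA CA.
ECDSA_LEAF_RSA_CA = Cert(key_type="ecdsa", sig_hash="sha256", sig_alg="rsa")
```

With the constructed sample, the pre-1.2 wording rejects the certificate for ECDHE_ECDSA, while the TLS 1.2 rule accepts it as long as the client offered (sha256, rsa).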

