Clarify sections 2.1 and 2.2 with respect to RFC 5246 7.4.2.

tlswg / rfc4492bis

A repo for an updated RFC 4492.

6 stars 6 forks source link

Clarify sections 2.1 and 2.2 with respect to RFC 5246 7.4.2. #3

Open grubba opened 9 years ago

grubba commented 9 years ago

In TLS 1.2 the restrictions on what certificates are allowed in a certificate chain were relaxed so the following text from sections 2.1 and 2.2 in the draft should be clarified with respect to TLS 1.2:

2.1: In ECDHE_ECDSA, the server's certificate MUST contain an ECDSA- capable public key and be signed with ECDSA.
2.2: The server certificate MUST be signed with RSA.

grubba commented 9 years ago

Similar text also in section 5.3 Table 3.

yoavnir commented 9 years ago

Again, this is for the list, but IMO these restrictions should go away entirely.

On Tue, Jan 13, 2015 at 1:29 PM, Henrik Grubbström (Grubba) < notifications@github.com> wrote:

Similar text also in section 5.3 Table 3.

— Reply to this email directly or view it on GitHub https://github.com/tlswg/rfc4492bis/issues/3#issuecomment-69731105.

grubba commented 8 years ago

Seems this will be fixed with pull request #10.