Re: [keyassure] Bare keys again
Matt McCutchen <matt@mattmccutchen.net> Mon, 21 March 2011 20:19 UTC
Return-Path: <matt@mattmccutchen.net>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B58473A687E for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 13:19:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2oHzAHeZCT6O for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 13:19:32 -0700 (PDT)
Received: from homiemail-a1.g.dreamhost.com (caiajhbdcbbj.dreamhost.com [208.97.132.119]) by core3.amsl.com (Postfix) with ESMTP id B66153A6876 for <keyassure@ietf.org>; Mon, 21 Mar 2011 13:19:32 -0700 (PDT)
Received: from homiemail-a1.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a1.g.dreamhost.com (Postfix) with ESMTP id 913DE348070; Mon, 21 Mar 2011 13:21:05 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mattmccutchen.net; h=subject:from :to:cc:in-reply-to:references:content-type:date:message-id :mime-version:content-transfer-encoding; q=dns; s= mattmccutchen.net; b=Vl6Gle0xU16LMr2dUwdySHj8rJhvzq2CZUXeC9Rfagc NBJkGwDqX+Z+67oALVbB1H9koD0cRiPr2cuKHMERWMTJi12EXDe/jYdXM2KSWdol lKnadeRJc8n/VzNzcUXS7Y63fLYu6ozqOAG2q+yoOh/tfk1qMbV0YzSXa49NEzRk =
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mattmccutchen.net; h= subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:content-transfer-encoding; s= mattmccutchen.net; bh=Hzlw6T6iz1E8Xw4IrykqhzfO0pU=; b=tvIZpndgwn g99hmbQcm8E2wsTmWrMeAsy+/szCA/QEm+8yjXQDSHS2us4TbbYEI05XuMwK8ew2 DFYfqyXLFbb+DpdMdblM9/pAdaV1fe+TYMNz+AWGFuPjBOn0uzONAWCOCanBajgB VnRlxJqQ71mgSucdH5uzBoLbdvGYTP55c=
Received: from [192.168.1.40] (pool-96-231-2-98.washdc.east.verizon.net [96.231.2.98]) (Authenticated sender: matt@mattmccutchen.net) by homiemail-a1.g.dreamhost.com (Postfix) with ESMTPA id 0AB8134806F; Mon, 21 Mar 2011 13:21:04 -0700 (PDT)
From: Matt McCutchen <matt@mattmccutchen.net>
To: Paul Wouters <paul@xelerance.com>
In-Reply-To: <alpine.LFD.1.10.1103211557590.20162@newtla.xelerance.com>
References: <201103211551.p2LFp5KR027266@fs4113.wdf.sap.corp> <alpine.LFD.1.10.1103211557590.20162@newtla.xelerance.com>
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 21 Mar 2011 16:21:03 -0400
Message-ID: <1300738863.2117.33.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.32.3
Content-Transfer-Encoding: 7bit
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Bare keys again
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2011 20:19:39 -0000
On Mon, 2011-03-21 at 16:02 -0400, Paul Wouters wrote: > Section 7 of 5246 shows me: > > Client Server > > ClientHello --------> > ServerHello > Certificate* > ServerKeyExchange* > CertificateRequest* > <-------- ServerHelloDone > Certificate* > ClientKeyExchange > CertificateVerify* > [ChangeCipherSpec] > Finished --------> > [ChangeCipherSpec] > <-------- Finished > Application Data <-------> Application Data > > * Indicates optional or situation-dependent messages that are not > always sent. > > To me this seems to say that "Certificate*" on the server side could > be omitted in situation-dependent messages. Yes, as described elsewhere in the standard. It doesn't mean that you can omit the Certificate message whenever you please. -- Matt
- Re: [keyassure] Issues that no longer issues? Ondřej Surý
- [keyassure] Issues that no longer issues? Warren Kumari
- Re: [keyassure] Issues that no longer issues? Paul Wouters
- [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Stephen Kent
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Eric Rescorla
- Re: [keyassure] Bare keys again Phillip Hallam-Baker
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Martin Rex
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Jeff Schmidt
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Douglas Otis
- Re: [keyassure] Bare keys again Douglas Otis
- Re: [keyassure] Bare keys again Henry Story
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Ben Laurie
- Re: [keyassure] Bare keys again Paul Hoffman
- Re: [keyassure] Bare keys again Matt McCutchen
- Re: [keyassure] Bare keys again Paul Wouters
- Re: [keyassure] Bare keys again Matt McCutchen