Re: [TLS] TLS 1.3 certificate delegation?
Carl Wallace <carl@redhoundsoftware.com> Thu, 07 November 2013 20:26 UTC
Date: Thu, 07 Nov 2013 12:26:35 -0800
From: Carl Wallace <carl@redhoundsoftware.com>
To: Andy Lutomirski <luto@amacapital.net>
Message-ID: <CEA13683.807E%carl@redhoundsoftware.com>
Thread-Topic: [TLS] TLS 1.3 certificate delegation?
In-Reply-To: <CALCETrUGfMqVzW3PgKJuLoRpGYuOsSH2SzaXV0DxRdAxhUimmw@mail.gmail.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS 1.3 certificate delegation?
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

>Interesting -- I'd never noticed that.
>
>That being said, proxy certificates are essentially useless unless all
>clients support them. In the absence of mandatory support or a client
>extension indicating acceptance of proxy certificates, they won't be
>used.

Of course, but the same goes for notional hybrid server/CA certificates
too, no? There is apparently some support for proxy certificates in
Apache. I've no idea what it's used for or how well it works though.