Re: [TLS] Summary of discussion regarding spontaneuous authentication
Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Wed, 22 October 2014 13:26 UTC
Return-Path: <ilari.liusvaara@elisanet.fi>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FA041A913D for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 06:26:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TotQKbKKVJL0 for <tls@ietfa.amsl.com>; Wed, 22 Oct 2014 06:26:26 -0700 (PDT)
Received: from emh04.mail.saunalahti.fi (emh04.mail.saunalahti.fi [62.142.5.110]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E2CB1A9131 for <tls@ietf.org>; Wed, 22 Oct 2014 06:26:26 -0700 (PDT)
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh04.mail.saunalahti.fi (Postfix) with ESMTP id B57D51A2674; Wed, 22 Oct 2014 16:26:23 +0300 (EEST)
Date: Wed, 22 Oct 2014 16:26:23 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Martin Thomson <martin.thomson@gmail.com>
Message-ID: <20141022132623.GA19894@LK-Perkele-VII>
References: <CABkgnnUAhEV=wLZyTew=ne7VgSq50XYR3Fo5EfjNXc8=_hbpyg@mail.gmail.com> <CABkgnnXAk+HU2yaUJdOQ0w-heHwYrPK6Zf3HrH5tU+2Tk7_cCA@mail.gmail.com> <20141022125359.GA18704@LK-Perkele-VII> <CABkgnnW=aVzsi+cq=icpn4z9PjFuoiu_LQz_mnfeyPPom6LROQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CABkgnnW=aVzsi+cq=icpn4z9PjFuoiu_LQz_mnfeyPPom6LROQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/0v6eibj2ajlWs2-vOp9NU14oPPc
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Summary of discussion regarding spontaneuous authentication
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Oct 2014 13:26:28 -0000
On Wed, Oct 22, 2014 at 06:08:17AM -0700, Martin Thomson wrote: > On 22 October 2014 05:53, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote: > > > > CertificateRequest has fields certificate_types and > > supported_signature_algorithms (there's also third field, but IMO > > that's better sent at application level). Where is the equivalent > > data put? > > At the application layer. > > These fields, as specified, are not particularly useful in the general > sense. The suggestion was that these are not valuable: > certificate_types is pretty much either known a priori (or assumed to > be X.509) and signatures have a similarly limited set of options. Don't confuse certificate_types with {client,server}_certificate_type{,s}. The relevant values of certificate_types look to be: - rsa_sign (RSA signature) - dss_sign (DSA signature) - ecdsa_sign (ECDSA signature) (There are some others, but all are either RESERVED or obviously incompatible with TLS 1.3). supported_signature_algorithms looks to be supported combinations of signature (RSA/DSA/ECDSA) and hash. Especially supported_signature_algorithms looks to belong to TLS layer (and also arguably certificate_types). Now, the "third field" was certificate_authorities. Now that is better sent on application layer. -Ilari
- [TLS] Summary of discussion regarding spontaneuou… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Tom Ritter
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Watson Ladd
- Re: [TLS] Summary of discussion regarding spontan… Eric Rescorla
- Re: [TLS] Summary of discussion regarding spontan… Watson Ladd
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Ilari Liusvaara
- Re: [TLS] Summary of discussion regarding spontan… Martin Rex
- Re: [TLS] Summary of discussion regarding spontan… Salz, Rich
- Re: [TLS] Summary of discussion regarding spontan… Tom Ritter
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Andrei Popov
- Re: [TLS] Summary of discussion regarding spontan… Manuel Pégourié-Gonnard
- Re: [TLS] Summary of discussion regarding spontan… Eric Rescorla
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Martin Thomson
- Re: [TLS] Summary of discussion regarding spontan… Joseph Salowey
- Re: [TLS] Summary of discussion regarding spontan… Peter Gutmann
- Re: [TLS] Summary of discussion regarding spontan… Santosh Chokhani