[TLS] Mirja Kühlewind's No Objection on draft-ietf-tls-tls13-cert-with-extern-psk-03: (with COMMENT)

Mirja Kühlewind via Datatracker <noreply@ietf.org> Wed, 11 December 2019 17:16 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: tls@ietf.org
Delivered-To: tls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F3856120088; Wed, 11 Dec 2019 09:16:51 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: =?utf-8?q?Mirja_K=C3=BChlewind_via_Datatracker?= <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-tls-tls13-cert-with-extern-psk@ietf.org, Joseph Salowey <joe@salowey.net>, tls-chairs@ietf.org, joe@salowey.net, tls@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.113.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: =?utf-8?q?Mirja_K=C3=BChlewind?= <ietf@kuehlewind.net>
Message-ID: <157608461199.11437.2061730930042533586.idtracker@ietfa.amsl.com>
Date: Wed, 11 Dec 2019 09:16:51 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1eucL-ko6-AKl5TAa-NjDYOg8yo>
Subject: [TLS] =?utf-8?q?Mirja_K=C3=BChlewind=27s_No_Objection_on_draft-i?= =?utf-8?q?etf-tls-tls13-cert-with-extern-psk-03=3A_=28with_COMMENT=29?=
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2019 17:16:52 -0000

Mirja Kühlewind has entered the following ballot position for
draft-ietf-tls-tls13-cert-with-extern-psk-03: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-tls13-cert-with-extern-psk/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Just a small thing to double-check: I wonder if this sentence would actually
require an update to RFC8446:
   "TLS 1.3 does not permit the server to send a CertificateRequest
   message when a PSK is being used.  This restriction is removed when
   the "tls_cert_with_extern_psk" extension is negotiated, allowing
   certificate-based authentication for both the client and the server."
Or maybe it should be phrased differently, just:
"If the "tls_cert_with_extern_psk" extension is negotiated, certificate-based
authentication is allowed for both the client and the server." I guess it
depends on what exactly is said in RFC8446 (and I didn't went and tried to find
it).

And as a side note, it is usually recommended to provide the link to the
registry in the IANA section (to make life for IANA easier).