Re: [TLS] 3rd WGLC for draft-ietf-tls-exported-authenticators
Russ Housley <housley@vigilsec.com> Fri, 22 May 2020 15:55 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 626D43A0C14 for <tls@ietfa.amsl.com>; Fri, 22 May 2020 08:55:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qPXOWJsyeAQs for <tls@ietfa.amsl.com>; Fri, 22 May 2020 08:55:13 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24DE23A0B62 for <tls@ietf.org>; Fri, 22 May 2020 08:55:13 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id A008E300B68 for <tls@ietf.org>; Fri, 22 May 2020 11:55:10 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id JE866HCp8LOT for <tls@ietf.org>; Fri, 22 May 2020 11:55:06 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (pool-72-66-113-56.washdc.fios.verizon.net [72.66.113.56]) by mail.smeinc.net (Postfix) with ESMTPSA id 72CBB3001A7; Fri, 22 May 2020 11:55:05 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <16B2E133-DE69-4850-A23D-554FBCADEE5A@sn3rd.com>
Date: Fri, 22 May 2020 11:55:07 -0400
Cc: IETF TLS <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D99BCBC4-1CD2-4FEE-8447-A50EA4F8B011@vigilsec.com>
References: <16B2E133-DE69-4850-A23D-554FBCADEE5A@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/48_EkGKpAHxHxTY7m3Ms3PRn0QA>
Subject: Re: [TLS] 3rd WGLC for draft-ietf-tls-exported-authenticators
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2020 15:55:23 -0000
> On May 22, 2020, at 9:23 AM, Sean Turner <sean@sn3rd.com> wrote: > > This is the 3rd WGLC for "Exported Authenticators in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. The secdir review during IETF LC raised some issues and as a result there have been a couple of new versions. Please respond to the list with any comments by 2359 UTC on 8 June 2020. I would like to see this published soon. I have one comment. Section 4: I find this confusing: extensions: The set of extensions allowed in the CertificateRequest structure are those defined in the TLS ExtensionType Values IANA registry containing CR in the TLS 1.3 column. The extensions allowed in the ClientCertificateRequest are those containing CR in the TLS 1.3 column, along with the server_name [RFC6066] extension. I think it means: extensions: The set of extensions allowed in the CertificateRequest structure and the ClientCertificateRequest structure are those defined in the TLS ExtensionType Values IANA registry [cite] containing CR in the TLS 1.3 column. In addition, the set of extensions in the ClientCertificateRequest structure MAY include the server_name [RFC6066] extension.
- [TLS] 3rd WGLC for draft-ietf-tls-exported-authen… Sean Turner
- Re: [TLS] 3rd WGLC for draft-ietf-tls-exported-au… Russ Housley
- Re: [TLS] 3rd WGLC for draft-ietf-tls-exported-au… Sean Turner
- Re: [TLS] 3rd WGLC for draft-ietf-tls-exported-au… Sean Turner
- Re: [TLS] 3rd WGLC for draft-ietf-tls-exported-au… Watson Ladd
- [TLS] Closing WGLC (was Re: 3rd WGLC for draft-ie… Sean Turner
- Re: [TLS] Closing WGLC (was Re: 3rd WGLC for draf… Nick Sullivan
- Re: [TLS] Closing WGLC (was Re: 3rd WGLC for draf… Sean Turner