Re: [TLS] Last Call: <draft-ietf-tls-oob-pubkey-09.txt> (Out-of-Band Public Key Validation for Transport Layer Security (TLS)) to Proposed Standard
Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 18 October 2013 09:06 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39B2C21F9A50 for <tls@ietfa.amsl.com>; Fri, 18 Oct 2013 02:06:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NHoRPhkW06nk for <tls@ietfa.amsl.com>; Fri, 18 Oct 2013 02:06:21 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) by ietfa.amsl.com (Postfix) with ESMTP id 14FF821F9D5D for <tls@ietf.org>; Fri, 18 Oct 2013 02:06:04 -0700 (PDT)
Received: from [172.16.254.200] ([80.92.116.76]) by mail.gmx.com (mrgmx103) with ESMTPSA (Nemesis) id 0Lm2lZ-1W6Qgt1M93-00ZeFB for <tls@ietf.org>; Fri, 18 Oct 2013 11:06:02 +0200
Message-ID: <5260FA18.4030504@gmx.net>
Date: Fri, 18 Oct 2013 11:06:32 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Alexey Melnikov <alexey.melnikov@isode.com>, ietf@ietf.org
References: <20130802072350.14846.84073.idtracker@ietfa.amsl.com> <5203B8BC.9080108@isode.com>
In-Reply-To: <5203B8BC.9080108@isode.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:zlqU1QMwfDH5sQ4L0MkElKMEbFXzBjEhVTwb9iZMrYdn4eDyYDK bJDf6h9b/81Mus5IW+4CHBKh8QVHhKe1ouv3k2KONwUG6X0JyN0AHXMXVuyOU/y68RW0xfh EitGBQwDW8kdsAxM6f+gHn9FHXFq4P1yk8zoaPbkEA74LzAnx1nYEke2D8bk4A5b/vcVJ5k 0oueSA1psyv2YfygPaAsw==
Cc: tls@ietf.org
Subject: Re: [TLS] Last Call: <draft-ietf-tls-oob-pubkey-09.txt> (Out-of-Band Public Key Validation for Transport Layer Security (TLS)) to Proposed Standard
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Oct 2013 09:06:27 -0000
Hi Alexey, the first example indeed has a copy-and-paste error. I fixed it. Ciao Hannes On 08/08/2013 05:26 PM, Alexey Melnikov wrote: > On 02/08/2013 08:23, The IESG wrote: >> The IESG has received a request from the Transport Layer Security WG >> (tls) to consider the following document: >> - 'Out-of-Band Public Key Validation for Transport Layer Security (TLS)' >> <draft-ietf-tls-oob-pubkey-09.txt> as Proposed Standard >> >> The IESG plans to make a decision in the next few weeks, and solicits >> final comments on this action. Please send substantive comments to the >> ietf@ietf.org mailing lists by 2013-08-16. Exceptionally, comments may be >> sent to iesg@ietf.org instead. In either case, please retain the >> beginning of the Subject line to allow automated sorting. >> >> Abstract >> >> >> This document specifies a new certificate type and two TLS >> extensions, one for the client and one for the server, for exchanging >> raw public keys in Transport Layer Security (TLS) and Datagram >> Transport Layer Security (DTLS) for use with out-of-band public key >> validation. > Hi, > I just read the document and support its publication. > > I think I found one minor issue: > > Section 4.1 says: > > In order to indicate the support of out-of-band raw public keys, > clients MUST include the 'client_certificate_type' and > 'server_certificate_type' extensions in an extended client hello > message. The hello extension mechanism is described in TLS 1.2 > [RFC5246]. > > In Section 5 (the first example): > > client_hello, > server_certificate_type=(RawPublicKey) -> // [1] > > So it looks like the example doesn't comply with the MUST requirement in > the Section 4.1 ("client_certificate_type" is missing) or the > requirement stated in Section 4.1 is incorrect. I suspect you meant > "'client_certificate_type' and/or 'server_certificate_type'" in Section > 4.1. > > Best Regards, > Alexey > > > >
- [TLS] Last Call: <draft-ietf-tls-oob-pubkey-09.tx… The IESG
- Re: [TLS] Last Call: <draft-ietf-tls-oob-pubkey-0… Alexey Melnikov
- Re: [TLS] Last Call: <draft-ietf-tls-oob-pubkey-0… Hannes Tschofenig