Re: [TLS] Proposed Change to Certificate message (#654)

Sean Turner <> Wed, 05 October 2016 19:06 UTC

From: Sean Turner <>
In-Reply-To: <>
Date: Wed, 5 Oct 2016 15:06:25 -0400

I’m not seeing objections to this PR, so please let us know by Friday (7 October) whether you see any issues with what’s been proposed.


> On Sep 22, 2016, at 20:42, Nick Sullivan <> wrote:
> PR:
> Hello,
> I'd like to propose a small to the Certificate message format to allow for future extensibility of the protocol.
> This change adds a set of extensions to the Certificate message. With this change, the Certificate message can now hold all extension messages that are certificate-specific (rather than connection-specific). This change also resolves the anomaly of OCSP messages appearing before certificates in the handshake.
> Reasoning: 
> I've come to the conclusion that the current mechanism in TLS 1.3 for OCSP and SCT is lacking foresight. OCSP and SCT are per-certificate metadata, not per-connection metadata. By putting these responses in the EncryptedExtensions, you limit these extensions to being shown once per connection. This restricts future protocol extensions from using multiple Certificate messages to support multiple certificates on the same connection. An example of this is the post-handshake authentication proposal (, which currently requires a modified post-handshake Certificate message. This proposed change would simplify the post-handshake auth proposal significantly and generally make more sense as more certificate-specific extensions are created.
> Nick
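To make the structural point of the proposal concrete (per-certificate extensions such as OCSP and SCT travelling with each certificate rather than once per connection), here is an added example that is not part of the thread or of PR #654. It is a small encoder and strict decoder for a Certificate message in which every entry carries its own extension list, modelled on the CertificateEntry layout that TLS 1.3 eventually adopted in RFC 8446; the PR's exact wire format is not shown on this page, so treat the layout as an assumption. The extension code points (status_request = 5, signed_certificate_timestamp = 18) are the real IANA values; the certificate bytes and OCSP/SCT payloads are constructed placeholders, not real DER or real responses.

```python
"""
Added example: a TLS 1.3-style Certificate message whose entries each carry
their own extensions (assumed layout after RFC 8446 section 4.4.2).
Not code from the TLS WG or the PR under discussion.
"""
import struct
from dataclasses import dataclass, field

# Real TLS extension code points (IANA TLS ExtensionType registry).
STATUS_REQUEST = 5                 # stapled OCSP response
SIGNED_CERTIFICATE_TIMESTAMP = 18  # Certificate Transparency SCT list


@dataclass
class CertificateEntry:
    cert_data: bytes                           # constructed placeholder, not DER
    extensions: list = field(default_factory=list)  # list of (type, data)


def _vec(data: bytes, length_bytes: int) -> bytes:
    """Encode a TLS variable-length vector with an n-byte big-endian length."""
    if len(data) >= 1 << (8 * length_bytes):
        raise ValueError("vector too long for its length prefix")
    return len(data).to_bytes(length_bytes, "big") + data


def encode_certificate(context: bytes, entries: list) -> bytes:
    """Certificate = context<0..2^8-1> + certificate_list<0..2^24-1>.
    The context field is what lets a post-handshake CertificateRequest be
    matched to its Certificate reply; it is empty in the main handshake."""
    body = b""
    for e in entries:
        exts = b"".join(struct.pack("!H", t) + _vec(d, 2) for t, d in e.extensions)
        body += _vec(e.cert_data, 3) + _vec(exts, 2)
    return _vec(context, 1) + _vec(body, 3)


class _Reader:
    """Bounds-checked cursor so a malformed length can never read past the buffer."""
    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf):
            raise ValueError("truncated field")
        out = self.buf[self.pos:self.pos + n]
        self.pos += n
        return out

    def vec(self, length_bytes: int) -> bytes:
        return self.take(int.from_bytes(self.take(length_bytes), "big"))

    def done(self) -> bool:
        return self.pos == len(self.buf)


def decode_certificate(msg: bytes):
    """Strict parse: rejects truncation, trailing bytes, empty cert_data and
    duplicate extension types within one entry."""
    r = _Reader(msg)
    context = r.vec(1)
    body = _Reader(r.vec(3))
    if not r.done():
        raise ValueError("trailing bytes after Certificate message")
    entries = []
    while not body.done():
        cert_data = body.vec(3)
        if not cert_data:
            raise ValueError("cert_data must be non-empty")
        exts, ext_list, seen = _Reader(body.vec(2)), [], set()
        while not exts.done():
            ext_type = struct.unpack("!H", exts.take(2))[0]
            if ext_type in seen:
                raise ValueError(f"duplicate extension {ext_type} in one entry")
            seen.add(ext_type)
            ext_list.append((ext_type, exts.vec(2)))
        entries.append(CertificateEntry(cert_data, ext_list))
    return context, entries


def ocsp_responses(entries: list) -> dict:
    """Per-certificate lookup: entry index -> stapled OCSP payload.
    This is the property the proposal wants: each certificate can carry its
    own status, instead of one status_request per connection."""
    return {i: d for i, e in enumerate(entries)
            for t, d in e.extensions if t == STATUS_REQUEST}


def demo():
    # Constructed sample chain: leaf with OCSP + SCT, intermediate with OCSP only.
    leaf = CertificateEntry(b"\x30\x82LEAF-DER-PLACEHOLDER",
                            [(STATUS_REQUEST, b"ocsp-for-leaf"),
                             (SIGNED_CERTIFICATE_TIMESTAMP, b"sct-list")])
    inter = CertificateEntry(b"\x30\x82INTERMEDIATE-DER-PLACEHOLDER",
                             [(STATUS_REQUEST, b"ocsp-for-intermediate")])
    msg = encode_certificate(b"", [leaf, inter])
    context, entries = decode_certificate(msg)
    return context, entries, msg


if __name__ == "__main__":
    _, entries, _ = demo()
    for i, e in enumerate(entries):
        print(i, e.cert_data[:8], [t for t, _ in e.extensions])
```

The decoder is deliberately strict: every length is checked against the enclosing buffer, a Certificate with bytes left over is rejected, and an entry that repeats an extension type is rejected, which is the same discipline a TLS implementation needs once extension lists move inside the Certificate message.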