Re: [TLS] OpenPGP and TLS cert_type code point reuse

Paul Hoffman <paul.hoffman@vpnc.org> Thu, 30 September 2010 15:17 UTC

Mime-Version: 1.0
Message-Id: <p06240803c8ca5a5b9904@[10.20.30.158]>
In-Reply-To: <4CA48C67.9050304@ieca.com>
References: <4CA48C67.9050304@ieca.com>
Date: Thu, 30 Sep 2010 08:18:30 -0700
To: Sean Turner <turners@ieca.com>, ietf-openpgp@imc.org, tls@ietf.org
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [TLS] OpenPGP and TLS cert_type code point reuse
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

At 9:11 AM -0400 9/30/10, Sean Turner wrote:
>draft-mavrogiannopoulos-rfc5081bis reuses the Certificate Type value assigned in RFC 5081 (it's 1).  The extension defined in draft-mavrogiannopoulos-rfc5081bis is not backwards compatible with RFC 5081.  If there were many implementations, then I'd be concerned about reusing the value.  The authors (and I) don't think there are any implementations other than GnuTLS, but I'd like to know if anybody knows of TLS implementations that support RFC 5081.

Given that there is a known implementation of 5081, and given that GnuTLS is reasonably well-deployed, why doesn't draft-mavrogiannopoulos-rfc5081bis simply use a new certificate type number? So far, only 2 out of >200 have been allocated, so there is no shortage.

--Paul Hoffman, Director
--VPN Consortium