Re: [TLS] Summary of discussion regarding spontaneuous authentication
Martin Thomson <martin.thomson@gmail.com> Wed, 22 October 2014 14:29 UTC
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/NXck2I0XTtyJ3rLuymVJrWRCW2Y
Cc: "tls@ietf.org" <tls@ietf.org>

On 22 October 2014 06:26, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:
> Don't confuse certificate_types with {client,server}_certificate_type{,s}.

The claim was that this is either known, period, or can be pushed to the application layer.

Fact is, what we have is this:

Clients have one or zero certificates for a given server and will use that regardless of what appears in the CertificateRequest.

Servers have one or zero certificates for each name they offer and will use that no matter what.

I tend to think that we need a more general mechanism for indicating support for certificate types and signature algorithms. Maybe we could unconditionally include those in the early handshake instead.