Re: [TLS] certificate_request_context

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 07 October 2016 09:45 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29B03129528 for <tls@ietfa.amsl.com>; Fri, 7 Oct 2016 02:45:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.597
X-Spam-Level:
X-Spam-Status: No, score=-5.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VUwezc-5TYKq for <tls@ietfa.amsl.com>; Fri, 7 Oct 2016 02:45:14 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EF2E12944D for <tls@ietf.org>; Fri, 7 Oct 2016 02:45:14 -0700 (PDT)
Received: from [192.168.91.133] ([80.92.121.244]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0LkTSx-1bKkaj1Og7-00cSW4; Fri, 07 Oct 2016 11:45:10 +0200
To: Martin Thomson <martin.thomson@gmail.com>, Ilari Liusvaara <ilariliusvaara@welho.com>
References: <3a6ce7fb-143a-2d67-6682-f221048aed49@gmx.net> <20161007083415.GA8456@LK-Perkele-V2.elisa-laajakaista.fi> <CABkgnnW3W6vk0AopaEMt=67nR49AHT2N4dgt_YxQkO4f8MUFSQ@mail.gmail.com>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <ed519b04-1a6b-e299-596b-9d9f9d8eb419@gmx.net>
Date: Fri, 07 Oct 2016 11:45:07 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <CABkgnnW3W6vk0AopaEMt=67nR49AHT2N4dgt_YxQkO4f8MUFSQ@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="HI7CRkNBWvUces3uvTpbC4VaE95Q4o4On"
X-Provags-ID: V03:K0:QkMLeCzoWxfu4Zp8DypevLKhTS9RwK5H+aoqf763p25nUlfDMjm vDDsC9fCTUt7LoJZv+QGxNeBpR7IwHNalTKvAKjodI+SW27+DuWKE5g3PLRuzhqEfnMvFIn 6qbg/pytWdn1mh04r2/MOiGMOE9RXeeq1PjhfNpuIAAyWc463Gm7YWQ2ge3gD2GDfh3X+xD qyQrucSJ+ALBjAPIkEG3Q==
X-UI-Out-Filterresults: notjunk:1;V01:K0:MwZw9gU81L8=:SYhGtQmsC9HkY5Y4oHrr/3 5o3KakJtXKMYfFD1KZ1qEnF8WDqMGospQMAUUdpWWoBWpaXu3ASKjx5HN9yCG3ethJQn2oPni YVxmPEs5uFpS80Z5hG5e6DMMUH4GqLpSzCZLW4tGZyzN9g+6jNP4JyGeG+sFYrDu4KS74JDmK oOKg1CFKu25pSoZSY25Ziztblk4Xvg6mUu2CwiMs5asug7f2a1uh64Tw/Wg/w2snWi6gWHS0R hirnm0OHy8brus1mRwj18TSs71/gaH5RjDeyV6IvERMFzI5lta8g68Gw59fHeL9SQ1WYmycRD npSsOxy0hMLZoCc3Sn5u1JYkJz+8iyihFjZNr2xyKaDnypHl7QLlgoIwdcUnhCtBT+e3yogZU r0nkCpn01vWJTizmCNyt6C61459AB5Xq1TeL0uCvyaQ8svjPOu7gl91sQu0A0pjO4FJfGTzxD fXBK6lB0KVMj2Dujuvly8zhYbkLM0za4N7Jwfcl0tJGkZq+l5EUjullRjdHQ0VnrkEJe9gQV1 HxcxGK1E4jyc5gFw92dNIwekvwfDrLJmx9emEEgw6SMf8+hG39vOIkMjXllE69M+q7+6jtZAD o4XNwzM7yP4TPLeKru4LhGeSTDVTj5Cer+BIWwQ0LhMBODYS7MlKIl7csZrKmwPb0T0UsPi6m s0LZcHkS7ctNExo5KD0L9W8Q9EPiMMkqE86hWPo/GeW0yy6LEqdSvRtMdPr5/5i89AGtoZXUw Es/iKAd74/lVsfqQ6S3ecQvzSyy1qTToj1gX8RQhVjbreqonc04jJNht1Q8=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UrYMohTOTsLsrHhInUftsoWikoc>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] certificate_request_context
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2016 09:45:16 -0000

Hi Martin,

the problem is that with embedded implementations you need to be
prepared to receive this amount of data when the specification says so.


On 10/07/2016 10:59 AM, Martin Thomson wrote:
> On 7 October 2016 at 19:34, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
>> If application supports any sort of multiplexing (e.g. HTTP/2), one
>> presumably wants the context to be non-opaque and identify the stream
>> that caused the request + some parameters about the request (to avoid
>> duplicating those in application layer).
> 
> 
> It's opaque to TLS.  And 255 simply establishes the number of octets
> in the length (1), if you don't need that much context (few will even
> if they implement this), don't use the extra space.
>