Re: [TLS] Implementation survey: Client Certificate URL extension

"Dieter Bratko" <Dieter.Bratko@iaik.tugraz.at> Tue, 18 March 2008 16:50 UTC

Message-ID: <02e801c88917$dd301c70$6d981b81@iaik.tugraz.at>
From: Dieter Bratko <Dieter.Bratko@iaik.tugraz.at>
To: Pasi.Eronen@nokia.com, tls@ietf.org
References: <1696498986EFEC4D9153717DA325CB7223A82C@vaebe104.NOE.Nokia.com>
Date: Tue, 18 Mar 2008 17:48:16 +0100

Hello,

our IAIK iSaSiLk Java SSL/TLS library supports the 
client_certificate_url extension (client and server side).
Including the hash is optional. 

Regards,
Dieter

---------
Dieter Bratko, <mailto:Dieter.Bratko@iaik.tugraz.at>
SIC/IAIK - Graz University of Technology
IAIK, Inffeldgasse 16a, 8010 Graz, Austria, http://jce.iaik.tugraz.at/


----- Original Message ----- 
From: Pasi.Eronen@nokia.com 
To: tls@ietf.org 
Sent: Tuesday, March 18, 2008 12:39 PM
Subject: [TLS] Implementation survey: Client Certificate URL extension


Hi,

We currently have two open technical issues for 4366bis,
both related to the Client Certificate URL extension (#45 
about making the hash mandatory; and #46 on how to do
algorithm agility).

The proposal in IETF71 was to make including the hash a MUST
(regardless of TLS version number), and handle algorithm agility 
with a new extension number later (if it turns out something
actually needs to be done).

However, making the hash mandatory has some potential for interop
problems (if there are old implementations which don't send it).

If you have implemented, or have heard of someone implementing, 
the client_certificate_url extension, please send email.  
Additional details (is this a client, server, or both; do you 
send the hash, etc.) are welcome but not required.

Best regards,
Pasi
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
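
The interop question discussed in this thread, as an added example that is not part of either message and is not iSaSiLk code: a parser for the CertificateURL handshake body as laid out in RFC 4366 section 3.3, where `require_hash=True` models the proposed MUST and the default accepts peers that omit the hash. The function names, the `example.com` URL used to exercise it, and the placeholder certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

CHAIN_TYPES = {0: "individual_certs", 1: "pkipath"}  # CertChainType, RFC 4366

def encode_certificate_url(chain_type, entries):
    """Build a CertificateURL body from (url, sha1_or_None) pairs (sample-data helper)."""
    out = b""
    for url, digest in entries:
        u = url.encode("ascii")
        out += struct.pack("!H", len(u)) + u
        out += (b"\x01" + digest) if digest is not None else b"\x00"
    return struct.pack("!BH", chain_type, len(out)) + out

def parse_certificate_url(body, require_hash=False):
    """Return (chain_type, [(url, sha1_or_None)]); raise ValueError if malformed."""
    if len(body) < 3:
        raise ValueError("truncated CertificateURL")
    chain_type, list_len = struct.unpack_from("!BH", body, 0)
    if chain_type not in CHAIN_TYPES or list_len == 0 or list_len != len(body) - 3:
        raise ValueError("bad chain type or list length")
    pos, entries = 3, []
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated url length")
        (url_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if url_len == 0 or pos + url_len + 1 > len(body):
            raise ValueError("bad url length")
        url = body[pos:pos + url_len].decode("ascii")
        hash_present = body[pos + url_len]
        pos += url_len + 1
        if hash_present == 1:
            if pos + 20 > len(body):
                raise ValueError("truncated SHA1Hash")
            digest = body[pos:pos + 20]
            pos += 20
        elif hash_present == 0 and not require_hash:
            digest = None  # legacy peer: nothing binds the URL to a certificate
        else:
            raise ValueError("hash missing or hash_present invalid")
        entries.append((url, digest))
    return CHAIN_TYPES[chain_type], entries

def fetched_object_matches(fetched, digest):
    """Compare the SHA-1 of the fetched bytes with the hash from the handshake."""
    if digest is None:
        return None  # no hash was sent, so there is nothing to compare
    return hmac.compare_digest(hashlib.sha1(fetched).digest(), digest)
```

A server running with `require_hash=True` rejects the hashless form outright, which is the interoperability cost the survey is trying to measure.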