Re: [TLS] certificate_request_context

Martin Thomson <martin.thomson@gmail.com> Fri, 07 October 2016 08:59 UTC

In-Reply-To: <20161007083415.GA8456@LK-Perkele-V2.elisa-laajakaista.fi>
References: <3a6ce7fb-143a-2d67-6682-f221048aed49@gmx.net> <20161007083415.GA8456@LK-Perkele-V2.elisa-laajakaista.fi>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 07 Oct 2016 19:59:43 +1100
Message-ID: <CABkgnnW3W6vk0AopaEMt=67nR49AHT2N4dgt_YxQkO4f8MUFSQ@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bEGpqivlqFfHEsOnzBpo-mqa-iE>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] certificate_request_context

On 7 October 2016 at 19:34, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> If application supports any sort of multiplexing (e.g. HTTP/2), one
> presumably wants the context to be non-opaque and identify the stream
> that caused the request + some parameters about the request (to avoid
> duplicating those in application layer).


It's opaque to TLS.  And 255 simply establishes the number of octets
in the length (1); if you don't need that much context (few will even
if they implement this), don't use the extra space.
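
The split the reply describes, shown as an added example (not code from this
thread or from any TLS stack): the TLS layer encodes, parses and compares the
certificate_request_context as an opaque byte string with a one-octet length
(so at most 255 octets), while an assumed HTTP/2-style server is the one that
gives the bytes a meaning, packing the stream id that triggered a
post-handshake request into them. Message layouts follow the final RFC 8446
CertificateRequest/Certificate structures; the signature_algorithms extension
and the 8-octet context format are constructed for the example.

```python
"""
Added example (not code from this thread or from any TLS implementation).

TLS 1.3 carries certificate_request_context as opaque<0..2^8-1>: a one-octet
length followed by up to 255 octets that TLS itself never interprets and that
the client echoes back in its Certificate message.  The TLS-layer helpers
below only encode, parse and compare those bytes; the assumed HTTP/2-style
server (ClientAuthTracker) decides what they mean.
"""
import os
import struct

# HandshakeType values (RFC 8446, section 4)
CERTIFICATE = 11
CERTIFICATE_REQUEST = 13

# Constructed signature_algorithms extension (type 13) listing only
# ecdsa_secp256r1_sha256 (0x0403); CertificateRequest needs at least one extension.
SIG_ALGS_EXT = bytes.fromhex("000d 0004 0002 0403")


def encode_vector(data: bytes, len_octets: int) -> bytes:
    """Length-prefixed TLS vector; rejects data that does not fit the length field."""
    if len(data) >= 1 << (8 * len_octets):
        raise ValueError("vector of %d octets does not fit a %d-octet length"
                         % (len(data), len_octets))
    return len(data).to_bytes(len_octets, "big") + data


def decode_vector(buf: bytes, pos: int, len_octets: int):
    """Read one vector at buf[pos:]; return (contents, position after it)."""
    if pos + len_octets > len(buf):
        raise ValueError("truncated length field")
    n = int.from_bytes(buf[pos:pos + len_octets], "big")
    pos += len_octets
    if pos + n > len(buf):
        raise ValueError("truncated vector contents")
    return buf[pos:pos + n], pos + n


def build_certificate_request(context: bytes, extensions: bytes) -> bytes:
    """type(1) || length(3) || context<0..2^8-1> || extensions<2..2^16-1>."""
    body = encode_vector(context, 1) + encode_vector(extensions, 2)
    return bytes([CERTIFICATE_REQUEST]) + encode_vector(body, 3)


def build_certificate(context: bytes, certificate_list: bytes) -> bytes:
    """Client reply: type(1) || length(3) || context<0..2^8-1> || certificate_list<0..2^24-1>."""
    body = encode_vector(context, 1) + encode_vector(certificate_list, 3)
    return bytes([CERTIFICATE]) + encode_vector(body, 3)


def parse_context(msg: bytes, expected_type: int) -> bytes:
    """TLS-layer view: pull the opaque context out of either message type."""
    if not msg or msg[0] != expected_type:
        raise ValueError("unexpected handshake message type")
    body, end = decode_vector(msg, 1, 3)
    if end != len(msg):
        raise ValueError("trailing bytes after handshake message")
    context, _ = decode_vector(body, 0, 1)
    return context


class ClientAuthTracker:
    """Assumed application layer for an HTTP/2 server doing post-handshake
    client auth.  Context = 4-octet stream id || 4 random octets: the stream
    id tells the server which request to resume, the random part keeps the
    context unique within the connection (RFC 8446 requires uniqueness for
    post-handshake requests) even if the same stream asks twice.  8 of the
    255 available octets are plenty; the rest is simply not used."""

    def __init__(self):
        self.pending = {}  # context bytes -> stream id awaiting the client's Certificate

    def request_for_stream(self, stream_id: int) -> bytes:
        context = struct.pack(">I", stream_id) + os.urandom(4)
        while context in self.pending:  # vanishingly unlikely, but cheap to check
            context = struct.pack(">I", stream_id) + os.urandom(4)
        self.pending[context] = stream_id
        return build_certificate_request(context, SIG_ALGS_EXT)

    def on_certificate(self, msg: bytes) -> int:
        """Match the echoed context to an outstanding request; an unknown or
        already-consumed context is a protocol error, not something to guess at."""
        context = parse_context(msg, CERTIFICATE)
        stream_id = self.pending.pop(context, None)
        if stream_id is None:
            raise ValueError("Certificate echoes no outstanding certificate_request_context")
        return stream_id
```

Nothing in parse_context or build_certificate_request knows about streams;
only ClientAuthTracker does, which is the point of the reply above. The
tracker also consumes each context exactly once, so a Certificate that
echoes a context already answered is rejected rather than silently
re-associated with the same stream.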