Re: [TLS] certificate_request_context
Martin Thomson <martin.thomson@gmail.com> Fri, 07 October 2016 08:59 UTC

On 7 October 2016 at 19:34, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> If application supports any sort of multiplexing (e.g. HTTP/2), one
> presumably wants the context to be non-opaque and identify the stream
> that caused the request + some parameters about the request (to avoid
> duplicating those in application layer).

It's opaque to TLS. And 255 simply establishes the number of octets in
the length (1), if you don't need that much context (few will even if
they implement this), don't use the extra space.
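
The layering discussed in this message, as an added example that is not part of the original e-mail or of any TLS implementation: the TLS layer reads and writes `certificate_request_context` as a byte string behind a one-octet length, while the application alone gives the bytes meaning. The application layout (`pack_app_context`, a 4-byte stream identifier plus a 1-byte reason code) and the trailing `rest` bytes are assumptions made for the illustration.

```python
import struct

MAX_CONTEXT = 255  # largest length a one-octet prefix can express


def encode_context(context: bytes) -> bytes:
    """TLS layer: serialize opaque certificate_request_context<0..255>."""
    if len(context) > MAX_CONTEXT:
        raise ValueError("context does not fit a one-octet length prefix")
    return bytes([len(context)]) + context


def decode_context(body: bytes) -> tuple[bytes, bytes]:
    """TLS layer: split a message body into (context, remaining bytes).

    The context is returned as raw bytes; TLS never looks inside it.
    """
    if not body:
        raise ValueError("missing length octet")
    length = body[0]
    if len(body) < 1 + length:
        raise ValueError("context truncated")
    return body[1:1 + length], body[1 + length:]


# Application layer (hypothetical layout, an assumption for this example):
# a 4-byte big-endian stream identifier followed by a 1-byte reason code.
def pack_app_context(stream_id: int, reason: int) -> bytes:
    return struct.pack("!IB", stream_id, reason)


def unpack_app_context(context: bytes) -> tuple[int, int]:
    if len(context) != 5:
        raise ValueError("unexpected application context size")
    return struct.unpack("!IB", context)


def demo() -> dict:
    rest = b"\x00\x00"  # constructed stand-in for the fields after the context
    wire = encode_context(pack_app_context(stream_id=7, reason=1)) + rest
    context, remaining = decode_context(wire)
    return {
        "wire_overhead": len(wire) - len(rest) - len(context),  # length octet only
        "app_view": unpack_app_context(context),
        "remaining": remaining,
        "empty_wire": encode_context(b""),  # an unused context costs one octet
    }


if __name__ == "__main__":
    print(demo())
```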