IETF Logo Mail Archive

Re: [TLS] Implementation survey: Client Certificate URL extension

Rob Dugal <RDugal@certicom.com> Tue, 18 March 2008 13:13 UTC

Return-Path: <tls-bounces@ietf.org>
X-Original-To: ietfarch-tls-archive@core3.amsl.com
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 053B728C578; Tue, 18 Mar 2008 06:13:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.588
X-Spam-Level:
X-Spam-Status: No, score=-100.588 tagged_above=-999 required=5 tests=[AWL=-0.151, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, HTML_MESSAGE=0.001, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i+ZnwssnjCnm; Tue, 18 Mar 2008 06:13:34 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F2C4D28C543; Tue, 18 Mar 2008 06:13:33 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 57F7E28C541 for <tls@core3.amsl.com>; Tue, 18 Mar 2008 06:13:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lH1WX1QSy3Z9 for <tls@core3.amsl.com>; Tue, 18 Mar 2008 06:13:21 -0700 (PDT)
Received: from mail.ca.certicom.com (mail.ca.certicom.com [38.113.160.197]) by core3.amsl.com (Postfix) with SMTP id 09DFF28C56E for <tls@ietf.org>; Tue, 18 Mar 2008 06:13:20 -0700 (PDT)
Received: from spamfilter.certicom.com (localhost.localdomain [127.0.0.1]) by mail.ca.certicom.com (Postfix) with ESMTP id B52F810027FEC; Tue, 18 Mar 2008 09:11:03 -0400 (EDT)
Received: from mail.ca.certicom.com ([127.0.0.1]) by spamfilter.certicom.com (storm.certicom.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60P5cGHiMP5A; Tue, 18 Mar 2008 09:10:57 -0400 (EDT)
Received: from domino1.certicom.com (domino1.certicom.com [10.0.1.24]) by mail.ca.certicom.com (Postfix) with ESMTP; Tue, 18 Mar 2008 09:10:57 -0400 (EDT)
In-Reply-To: <1696498986EFEC4D9153717DA325CB7223A82C@vaebe104.NOE.Nokia.com>
To: Pasi.Eronen@nokia.com
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005
Message-ID: <OF8CB20A55.FCD042D6-ON85257410.00483339-85257410.00486280@certicom.com>
From: Rob Dugal <RDugal@certicom.com>
Date: Tue, 18 Mar 2008 09:09:16 -0400
X-MIMETrack: Serialize by Router on Certicom1/Certicom(Release 7.0.2FP2 HF177|August 10, 2007) at 03/18/2008 09:09:29 AM, Serialize complete at 03/18/2008 09:09:29 AM
Cc: tls@ietf.org
Subject: Re: [TLS] Implementation survey: Client Certificate URL extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0850439903=="
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org

Certicom's Security Builder SSL-C toolkit supports the 
client_certificate_url extension. Use of the hash is optional but 
recommended.
The toolkit is a C language SDK for creating client or server 
applications,with support for SSLv2, SSLv3, TLS v1.0, TLS v1.1, DTLS v1.0.

-----------------------------------------------
Robert Dugal
Member of Development Group
Certicom Corp.
EMAIL: rdugal@certicom.com
PHONE: (905) 501-3848
FAX  : (905) 507-4230
WEBSITE: www.certicom.com

tls-bounces@ietf.org wrote on 03/18/2008 07:39:49 AM:

> Hi,
> 
> We currently have two open technical issues for 4366bis,
> both related to the Client Certificate URL extension (#45 
> about making the hash mandatory; and #46 on how to do
> algorithm agility).
> 
> The proposal in IETF71 was to make including the hash a MUST
> (regardless of TLS version number), and handle algorithm agility 
> with a new extension number later (if it turns out something
> actually needs to be done).
> 
> However, making the hash mandatory has some potential for interop
> problems (if there are old implementations which don't send it).
> 
> If you have implemented, or have heard of someone implementing, 
> the client_certificate_url extension, please send email. 
> Additional details (is this a client, server, or both; do you 
> send the hash, etc.) are welcome but not required.
> 
> Best regards,
> Pasi
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email