Re: [TLS] Implementation survey: Client Certificate URL extension
Rob Dugal <RDugal@certicom.com> Tue, 18 March 2008 13:13 UTC
Return-Path: <tls-bounces@ietf.org>
X-Original-To: ietfarch-tls-archive@core3.amsl.com
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 053B728C578; Tue, 18 Mar 2008 06:13:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.588
X-Spam-Level:
X-Spam-Status: No, score=-100.588 tagged_above=-999 required=5 tests=[AWL=-0.151, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, HTML_MESSAGE=0.001, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i+ZnwssnjCnm; Tue, 18 Mar 2008 06:13:34 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F2C4D28C543; Tue, 18 Mar 2008 06:13:33 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 57F7E28C541 for <tls@core3.amsl.com>; Tue, 18 Mar 2008 06:13:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lH1WX1QSy3Z9 for <tls@core3.amsl.com>; Tue, 18 Mar 2008 06:13:21 -0700 (PDT)
Received: from mail.ca.certicom.com (mail.ca.certicom.com [38.113.160.197]) by core3.amsl.com (Postfix) with SMTP id 09DFF28C56E for <tls@ietf.org>; Tue, 18 Mar 2008 06:13:20 -0700 (PDT)
Received: from spamfilter.certicom.com (localhost.localdomain [127.0.0.1]) by mail.ca.certicom.com (Postfix) with ESMTP id B52F810027FEC; Tue, 18 Mar 2008 09:11:03 -0400 (EDT)
Received: from mail.ca.certicom.com ([127.0.0.1]) by spamfilter.certicom.com (storm.certicom.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60P5cGHiMP5A; Tue, 18 Mar 2008 09:10:57 -0400 (EDT)
Received: from domino1.certicom.com (domino1.certicom.com [10.0.1.24]) by mail.ca.certicom.com (Postfix) with ESMTP; Tue, 18 Mar 2008 09:10:57 -0400 (EDT)
In-Reply-To: <1696498986EFEC4D9153717DA325CB7223A82C@vaebe104.NOE.Nokia.com>
To: Pasi.Eronen@nokia.com
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.5 November 30, 2005
Message-ID: <OF8CB20A55.FCD042D6-ON85257410.00483339-85257410.00486280@certicom.com>
From: Rob Dugal <RDugal@certicom.com>
Date: Tue, 18 Mar 2008 09:09:16 -0400
X-MIMETrack: Serialize by Router on Certicom1/Certicom(Release 7.0.2FP2 HF177|August 10, 2007) at 03/18/2008 09:09:29 AM, Serialize complete at 03/18/2008 09:09:29 AM
Cc: tls@ietf.org
Subject: Re: [TLS] Implementation survey: Client Certificate URL extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0850439903=="
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org
Certicom's Security Builder SSL-C toolkit supports the client_certificate_url extension. Use of the hash is optional but recommended. The toolkit is a C language SDK for creating client or server applications,with support for SSLv2, SSLv3, TLS v1.0, TLS v1.1, DTLS v1.0. ----------------------------------------------- Robert Dugal Member of Development Group Certicom Corp. EMAIL: rdugal@certicom.com PHONE: (905) 501-3848 FAX : (905) 507-4230 WEBSITE: www.certicom.com tls-bounces@ietf.org wrote on 03/18/2008 07:39:49 AM: > Hi, > > We currently have two open technical issues for 4366bis, > both related to the Client Certificate URL extension (#45 > about making the hash mandatory; and #46 on how to do > algorithm agility). > > The proposal in IETF71 was to make including the hash a MUST > (regardless of TLS version number), and handle algorithm agility > with a new extension number later (if it turns out something > actually needs to be done). > > However, making the hash mandatory has some potential for interop > problems (if there are old implementations which don't send it). > > If you have implemented, or have heard of someone implementing, > the client_certificate_url extension, please send email. > Additional details (is this a client, server, or both; do you > send the hash, etc.) are welcome but not required. > > Best regards, > Pasi > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Implementation survey: Client Certificate U… Pasi.Eronen
- Re: [TLS] Implementation survey: Client Certifica… Rob Dugal
- Re: [TLS] Implementation survey: Client Certifica… Dieter Bratko
- Re: [TLS] Implementation survey: Client Certifica… Martin Rex
- Re: [TLS] Implementation survey: Client Certifica… Peter Gutmann
- Re: [TLS] Implementation survey: Client Certifica… Pasi.Eronen
- Re: [TLS] Implementation survey: Client Certifica… Martin Rex
- Re: [TLS] Implementation survey: Client Certifica… Peter Gutmann
- Re: [TLS] Implementation survey: Client Certifica… Nelson B Bolyard
- Re: [TLS] Implementation survey: Client Certifica… Pasi.Eronen
- Re: [TLS] Implementation survey: Client Certifica… Martin Rex
- Re: [TLS] Implementation survey: Client Certifica… Mike
- Re: [TLS] Implementation survey: Client Certifica… Eric Rescorla
- [TLS] AIA cert fetching seen as harmful Nelson B Bolyard
- Re: [TLS] AIA cert fetching seen as harmful Eric Rescorla
- Re: [TLS] AIA cert fetching seen as harmful Nelson B Bolyard
- Re: [TLS] AIA cert fetching seen as harmful Eric Rescorla
- Re: [TLS] AIA cert fetching seen as harmful Mike
- Re: [TLS] Implementation survey: Client Certifica… Florian Weimer
- Re: [TLS] AIA cert fetching seen as harmful Nelson B Bolyard
- Re: [TLS] AIA cert fetching seen as harmful Nelson B Bolyard
- Re: [TLS] AIA cert fetching seen as harmful Mike