Re: [TLS] draft-ietf-tls-tls-13-17 posted

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 21 October 2016 14:01 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B33812984B for <tls@ietfa.amsl.com>; Fri, 21 Oct 2016 07:01:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.331
X-Spam-Level:
X-Spam-Status: No, score=-2.331 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.431] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v5kl_A4BoE8G for <tls@ietfa.amsl.com>; Fri, 21 Oct 2016 07:01:12 -0700 (PDT)
Received: from welho-filter3.welho.com (welho-filter3.welho.com [83.102.41.25]) by ietfa.amsl.com (Postfix) with ESMTP id 1050C12984A for <tls@ietf.org>; Fri, 21 Oct 2016 07:01:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id ECB03139AB; Fri, 21 Oct 2016 17:01:05 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id XqajgewBXV6N; Fri, 21 Oct 2016 17:01:05 +0300 (EEST)
Received: from LK-Perkele-V2 (87-100-237-87.bb.dnainternet.fi [87.100.237.87]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id B58492317; Fri, 21 Oct 2016 17:01:05 +0300 (EEST)
Date: Fri, 21 Oct 2016 17:00:57 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Eric Rescorla <ekr@rtfm.com>
Message-ID: <20161021140057.GA8197@LK-Perkele-V2.elisa-laajakaista.fi>
References: <CABcZeBP6pzqtcT3rmmpjr_4R+fb6ZyiAduxQiJ87B9hnRzVBXA@mail.gmail.com> <20161021093350.GA8070@LK-Perkele-V2.elisa-laajakaista.fi> <CABcZeBPd25PQhFDW+pbGCCRQM8CVWdnK3NDizYEdgcsV7gR8fg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CABcZeBPd25PQhFDW+pbGCCRQM8CVWdnK3NDizYEdgcsV7gR8fg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/j0pFkO-rVNRpoi3Nk97kQdmqkhA>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] draft-ietf-tls-tls-13-17 posted
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 14:01:14 -0000

On Fri, Oct 21, 2016 at 04:39:59AM -0700, Eric Rescorla wrote:
> On Fri, Oct 21, 2016 at 2:33 AM, Ilari Liusvaara <ilariliusvaara@welho.com>;
> wrote:
> 
> And since that implementation supports RFC7250 (for the server
> > certificate), here is my interpretation of it:
> >
> > The certificate type is sent in extensions of EE certificate,
> > via the usual server_certificate_type extension (using the server-side
> > syntax from RFC7250).
> >
> 
> I think this probably should go in Encrypted Extensions.

It is definitely related to the certificate chain, and the spec
says such things should go to the first certificate slot (and indeed
the table about extensions says it goes to certificate extensions
block (but not which one).

The client_certificate_type (which I am not using) is listed to go to
EncryptedExtensions, which definitely looks wrong to me, being another
extension related to the certificate chain.


-Ilari