Re: [TLS] Can flags be responded to with an extension?

Eric Rescorla <ekr@rtfm.com> Wed, 13 April 2022 22:54 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 13 Apr 2022 15:53:34 -0700
Message-ID: <CABcZeBNMXfi2Uv5XYS7Uc=W7H=2qYN0vS63A0Hzc-EkNVtC+4g@mail.gmail.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/jo4a3OMkoKceEmPBYron-ruZo_o>

On Wed, Apr 13, 2022 at 3:51 PM Benjamin Kaduk <bkaduk@akamai.com> wrote:

> On Wed, Apr 13, 2022 at 10:56:49AM -0700, Eric Rescorla wrote:
> > Consider the case where the client wants to offer some capability that
> > the server then responds to with real data, rather than just an
> > acknowledgement.
> >
> > For instance, supposing the SCT extension from RFC 6962 did not exist,
> > the client would want to indicate support in CH and the server would
> > send the SCT in CERT, but this extension would need to be non-empty
> > and hence not a flag. draft-ietf-tls-tlsflags-09 seems a bit
> > unclear on this point (unless I'm missing it) but I think we
> > should explicitly allow it.
>
> In my head this was already disallowed.  I couldn't swear to whether
> we actually talked about it previously or not, though.
>

That's certainly possible, though I couldn't find text one way or another.

-Ekr