Re: [TLS] kc2kdm.com should be live with delegated credentials -03

Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 28 March 2019 19:37 UTC

Date: Thu, 28 Mar 2019 21:37:14 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Watson Ladd <watson@cloudflare.com>
Cc: tls@ietf.org
Message-ID: <20190328193714.GA26769@LK-Perkele-VII>
References: <CAN2QdAHCfxE-1O5Y=jrwDLbkCCsFaRZTD+zUH05p59NMn3J74g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/lbogKWuk1IzuDnx4HC-8ft_wNZM>

On Wed, Mar 27, 2019 at 12:56:10AM +0100, Watson Ladd wrote:
> Nick mentioned at the WG meeting today we were having some hiccups.
> These hiccups have been fixed and we have a delegated credential.
> Please let us know the results. Note the cert has an extra 05 00 in
> the extension.

What TLS extension codepoint is used by this test server (trying to
test my own client implementation)? Reading BoringSSL source suggests
0xff02, but sending empty 0xff02 extension (request) seems to have no
effect.

Debug trace shows that the extension is sent in ClientHello, but
server does not seem to send it back (the TLS 1.3 handshake completes
with no errors, and certificate does have DelegationUsage).


-Ilari
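An added illustration, not code from this thread or from BoringSSL: a minimal encoder and parser for a TLS extensions block that builds the empty 0xff02 request the message describes and checks whether an extension block returned by the server carries the same codepoint (for TLS 1.3 that would be the extensions of the first CertificateEntry, which is where the subcerts draft places the delegated credential). The strict length checks and the function names are assumptions of this example, not taken from any implementation.

```python
import struct

# Codepoint the message cites from the BoringSSL source (draft -03 era)
DELEGATED_CREDENTIAL_EXT = 0xFF02


def encode_extensions(exts):
    """Encode (type, data) pairs as a TLS extensions block:
    2-byte total length, then per extension 2-byte type, 2-byte length, data."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def decode_extensions(buf):
    """Parse a TLS extensions block into (type, data) pairs.
    Raises ValueError on truncated or trailing bytes so a malformed
    block is reported instead of being silently accepted."""
    if len(buf) < 2:
        raise ValueError("missing extensions length")
    (total,) = struct.unpack("!H", buf[:2])
    if 2 + total != len(buf):
        raise ValueError("extensions length does not match buffer")
    pos, exts = 2, []
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        pos += 4
        if pos + ext_len > len(buf):
            raise ValueError("truncated extension body")
        exts.append((ext_type, buf[pos:pos + ext_len]))
        pos += ext_len
    return exts


def client_request_extensions():
    """The empty 0xff02 extension a client sends to ask for a delegated credential."""
    return encode_extensions([(DELEGATED_CREDENTIAL_EXT, b"")])


def server_acknowledged(server_ext_block):
    """True when the server's extension block carries 0xff02, i.e. the reply
    the message reports as absent from the test server."""
    return any(t == DELEGATED_CREDENTIAL_EXT
               for t, _ in decode_extensions(server_ext_block))


if __name__ == "__main__":
    # Constructed sample: a server block with an empty SNI ack and a stub 0xff02 body
    sample = encode_extensions([(0x0000, b""), (DELEGATED_CREDENTIAL_EXT, b"\x00\x03abc")])
    print(client_request_extensions().hex(), server_acknowledged(sample))
```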