[TLS] PR#448: CertificateStatus to extension
Eric Rescorla <ekr@rtfm.com> Mon, 02 May 2016 20:43 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 02 May 2016 13:43:09 -0700
Message-ID: <CABcZeBOBTe7juB1Ni=wkT3RJT8YJoy9KyGe5pbCaZFAL2JmmLw@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/n4Pyt2qcySUaRr9LE3sL95OuRAQ>

PR: https://github.com/tlswg/tls13-spec/pull/448
Target landing date: Wednesday

In Buenos Aires we discussed moving CertificateStatus to part of the Certificate message. In offline conversations, it started to look like that wasn't optimal in part because it created an asymmetry wrt Signed Certificate Timestamps. Instead, I propose just carrying the response in the response extensions.

I just created PR#443, which moves the CertificateStatus response to an extension in EncryptedExtensions.

Comments welcome.

-Ekr