[TLS] PR#448: CertificateStatus to extension

Eric Rescorla <ekr@rtfm.com> Mon, 02 May 2016 20:43 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 02 May 2016 13:43:09 -0700
Message-ID: <CABcZeBOBTe7juB1Ni=wkT3RJT8YJoy9KyGe5pbCaZFAL2JmmLw@mail.gmail.com>
To: "tls@ietf.org" <tls@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/n4Pyt2qcySUaRr9LE3sL95OuRAQ>
Subject: [TLS] PR#448: CertificateStatus to extension

PR: https://github.com/tlswg/tls13-spec/pull/448
Target landing date: Wednesday

In Buenos Aires we discussed moving CertificateStatus to part of the
Certificate message. In offline conversations, it started to look like that
wasn't optimal in part because it created an asymmetry wrt Signed
Certificate Timestamps. Instead, I propose just carrying the response in
the response extensions.

I just created PR#443, which moves the CertificateStatus response to an
extension in EncryptedExtensions. Comments welcome.

-Ekr
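As an added illustration, not part of the PR or of this message: the wire shape of an OCSP response carried as a status_request extension instead of as a standalone CertificateStatus handshake message, with a bounds-checked decoder. The CertificateStatus layout (status_type followed by opaque response<1..2^24-1>) follows RFC 6066 as reused by the TLS 1.3 drafts; the sample response bytes are a constructed placeholder, not a real DER OCSPResponse.

```python
import struct

# Layout assumed here (RFC 6066 CertificateStatus, carried as extension_data):
#   struct {
#       CertificateStatusType status_type;   /* ocsp(1) */
#       opaque response<1..2^24-1>;          /* DER-encoded OCSPResponse */
#   } CertificateStatus;
STATUS_REQUEST = 5        # extension type for status_request
STATUS_TYPE_OCSP = 1

# Constructed stand-in for a DER OCSPResponse; only its length matters here.
SAMPLE_OCSP_RESPONSE = bytes.fromhex("30030a0100")


def encode_status_request_extension(ocsp_response: bytes) -> bytes:
    """Return type(2) || length(2) || CertificateStatus for one OCSP response."""
    if not 1 <= len(ocsp_response) <= 0xFFFFFF:
        raise ValueError("OCSPResponse length out of range for opaque<1..2^24-1>")
    body = bytes([STATUS_TYPE_OCSP]) + len(ocsp_response).to_bytes(3, "big") + ocsp_response
    if len(body) > 0xFFFF:
        # An extension body is itself bounded by a 16-bit length, so a large
        # response that fits the 24-bit vector can still be unsendable here.
        raise ValueError("extension_data exceeds 2^16-1 bytes")
    return struct.pack("!HH", STATUS_REQUEST, len(body)) + body


def decode_status_request_extension(ext: bytes) -> bytes:
    """Parse one extension and return the OCSPResponse bytes.

    Every length field is checked against the bytes actually present, so a
    truncated or internally inconsistent extension is rejected rather than
    read past its end.
    """
    if len(ext) < 4:
        raise ValueError("truncated extension header")
    ext_type, ext_len = struct.unpack("!HH", ext[:4])
    if ext_type != STATUS_REQUEST:
        raise ValueError(f"unexpected extension type {ext_type}")
    body = ext[4:]
    if len(body) != ext_len:
        raise ValueError("extension length does not match available data")
    if len(body) < 4:
        raise ValueError("truncated CertificateStatus")
    if body[0] != STATUS_TYPE_OCSP:
        raise ValueError(f"unsupported status_type {body[0]}")
    resp_len = int.from_bytes(body[1:4], "big")
    if resp_len == 0 or 4 + resp_len != len(body):
        raise ValueError("OCSPResponse length inconsistent with extension body")
    return body[4:]
```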