Re: [TLS] WGLC for draft-ietf-tls-oob-pubkey-03.txt

Martin Rex <> Fri, 04 May 2012 22:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9FE6A21F84E1 for <>; Fri, 4 May 2012 15:00:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.065
X-Spam-Status: No, score=-10.065 tagged_above=-999 required=5 tests=[AWL=0.184, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 75c9o9boWlgT for <>; Fri, 4 May 2012 15:00:50 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 7DF5121F84D8 for <>; Fri, 4 May 2012 15:00:50 -0700 (PDT)
Received: from by (26) with ESMTP id q44M0k9m009192 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sat, 5 May 2012 00:00:46 +0200 (MEST)
From: Martin Rex <>
Message-Id: <>
To: (Paul Hoffman)
Date: Sat, 5 May 2012 00:00:45 +0200 (MEST)
In-Reply-To: <> from "Paul Hoffman" at May 4, 12 10:58:25 am
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-SAP: out
Subject: Re: [TLS] WGLC for draft-ietf-tls-oob-pubkey-03.txt
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 04 May 2012 22:00:51 -0000

Paul Hoffman wrote:
> More importantly, the client auth text added in the last round was:
> 3.5.  Client authentication
>    Client authentication by the TLS server is supported only through
>    authentication of the received client SubjectPublicKeyInfo via an
>    out-of-band method
> This is both wrong and insufficient.

I believe it is acceptable and more correct than your proposed

RFC6091 does _not_ permit different certificates types for
client and server, so this will not fit into the extensibility provided
by rfc6091.

If you want to allow an assymetric authentication scheme
(i.e. Server->client OOB in combination with client->server X.509),
then it will be additionally necessary either to seperately negotiate
the type of client "certificate" and require to redefine both,
the CertificateRequest handshake message and the client's
Certificate Handshake message to distinguish which client
certificate type(s) the server is offering and which
client "certificate" type the client has chosen to use.

... at which point it is no longer possible to make this an
extension to rfc6091.