Re: [TLS] Client programs and stapling?

David Benjamin <davidben@chromium.org> Fri, 20 May 2022 17:23 UTC

References: <EF0C1982-52C3-4CFB-A51F-65FE905B79E0@akamai.com>
In-Reply-To: <EF0C1982-52C3-4CFB-A51F-65FE905B79E0@akamai.com>
From: David Benjamin <davidben@chromium.org>
Date: Fri, 20 May 2022 13:23:31 -0400
Message-ID: <CAF8qwaBB4Buf7anJ1t9onem1K7fCvcR1e18zHUVa7GqxRjNr1Q@mail.gmail.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
Cc: "tls@ietf.org" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/vt84h9C5j6j8iVz5-l8LCtgVScQ>

Prior to TLS 1.3, it wasn't possible because the Certificate message didn't
have extensions. Starting with TLS 1.3, it looks like we did define
status_request to be allowed in either direction. We (BoringSSL) never
implemented the client certificate direction, since we haven't needed it
yet. We just ignore the extension if we see it in CertificateRequest. At a
glance, it looks like OpenSSL does the same. Dunno about other
implementations.

On Fri, May 20, 2022 at 1:07 PM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:

> Do client programs staple a status when sending a cert to the server? It
> seems possible, someone just asked me if anyone does it.
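The wire format David is describing, as an added example that is not part of the thread and is neither BoringSSL nor OpenSSL code: in TLS 1.3 (RFC 8446 section 4.4.2) the server asks a client to staple by putting an empty status_request extension in CertificateRequest, and the client answers by putting an RFC 6066 CertificateStatus (status_type ocsp, then an OCSPResponse) in the extensions of the relevant CertificateEntry of its Certificate message, which is the slot TLS 1.2's Certificate message never had. The encoder and parser below build both messages and apply the server-side rule that a client may only send extensions the server offered. The certificate and OCSP bytes are constructed placeholders (a minimal DER SEQUENCE), not real X.509 or OCSP objects, and the function names are this example's own.

```python
"""TLS 1.3 CertificateRequest / Certificate encoding and parsing, showing
where a client-side stapled OCSP response lives (RFC 8446 4.4.2.1).
Example code for this thread, not BoringSSL or OpenSSL code."""
import struct

HS_CERTIFICATE = 11
HS_CERTIFICATE_REQUEST = 13
EXT_STATUS_REQUEST = 5
EXT_SIGNATURE_ALGORITHMS = 13
STATUS_TYPE_OCSP = 1            # RFC 6066 CertificateStatusType ocsp(1)


def vec(data: bytes, nlen: int) -> bytes:
    """Opaque vector with an nlen-byte big-endian length prefix."""
    return len(data).to_bytes(nlen, "big") + data


def extension(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!H", ext_type) + vec(body, 2)


def handshake(msg_type: int, body: bytes) -> bytes:
    return bytes([msg_type]) + vec(body, 3)


def build_certificate_request(context: bytes, request_ocsp: bool) -> bytes:
    """Server -> client. An *empty* status_request extension is the offer;
    signature_algorithms (here just ecdsa_secp256r1_sha256, 0x0403) is
    mandatory in every CertificateRequest."""
    exts = extension(EXT_SIGNATURE_ALGORITHMS, vec(b"\x04\x03", 2))
    if request_ocsp:
        exts += extension(EXT_STATUS_REQUEST, b"")
    return handshake(HS_CERTIFICATE_REQUEST, vec(context, 1) + vec(exts, 2))


def build_certificate(context: bytes, chain) -> bytes:
    """Client -> server. chain = [(cert_der, ocsp_der_or_None), ...]. The
    staple is a CertificateStatus {ocsp(1), OCSPResponse<1..2^24-1>} in
    that entry's extensions; context echoes the CertificateRequest."""
    entries = b""
    for cert_der, ocsp in chain:
        exts = b""
        if ocsp is not None:
            exts = extension(EXT_STATUS_REQUEST,
                             bytes([STATUS_TYPE_OCSP]) + vec(ocsp, 3))
        entries += vec(cert_der, 3) + vec(exts, 2)
    return handshake(HS_CERTIFICATE, vec(context, 1) + vec(entries, 3))


def _take(buf: bytes, pos: int, nlen: int):
    """Read an nlen-byte length then that many bytes -> (data, new_pos)."""
    if pos + nlen > len(buf):
        raise ValueError("truncated length field")
    n = int.from_bytes(buf[pos:pos + nlen], "big")
    pos += nlen
    if pos + n > len(buf):
        raise ValueError("truncated vector")
    return buf[pos:pos + n], pos + n


def parse_extensions(blob: bytes) -> dict:
    exts, pos = {}, 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated extension type")
        ext_type = struct.unpack("!H", blob[pos:pos + 2])[0]
        body, pos = _take(blob, pos + 2, 2)
        if ext_type in exts:
            raise ValueError("duplicate extension %d" % ext_type)
        exts[ext_type] = body
    return exts


def parse_handshake(msg: bytes, expected_type: int) -> bytes:
    if not msg or msg[0] != expected_type:
        raise ValueError("unexpected handshake type")
    body, end = _take(msg, 1, 3)
    if end != len(msg):
        raise ValueError("trailing bytes after handshake message")
    return body


def parse_certificate_request(msg: bytes):
    body = parse_handshake(msg, HS_CERTIFICATE_REQUEST)
    context, pos = _take(body, 0, 1)
    ext_blob, pos = _take(body, pos, 2)
    return context, parse_extensions(ext_blob)


def parse_certificate(msg: bytes):
    """Return (context, [(cert_der, ocsp_der_or_None), ...])."""
    body = parse_handshake(msg, HS_CERTIFICATE)
    context, pos = _take(body, 0, 1)
    list_blob, pos = _take(body, pos, 3)
    chain, pos = [], 0
    while pos < len(list_blob):
        cert_der, pos = _take(list_blob, pos, 3)
        ext_blob, pos = _take(list_blob, pos, 2)
        exts, ocsp = parse_extensions(ext_blob), None
        if EXT_STATUS_REQUEST in exts:
            status = exts[EXT_STATUS_REQUEST]
            if not status or status[0] != STATUS_TYPE_OCSP:
                raise ValueError("unsupported CertificateStatus type")
            ocsp, end = _take(status, 1, 3)
            if end != len(status) or not ocsp:
                raise ValueError("malformed CertificateStatus")
        chain.append((cert_der, ocsp))
    return context, chain


def server_accept_client_certificate(cert_request_msg: bytes, cert_msg: bytes):
    """Server-side check: context must echo the request, and (RFC 8446
    4.4.2) the client may only send extensions the server offered, so a
    staple without a status_request offer is a protocol error. Returns
    the per-entry OCSP responses (None where the entry has no staple)."""
    req_ctx, req_exts = parse_certificate_request(cert_request_msg)
    ctx, chain = parse_certificate(cert_msg)
    if ctx != req_ctx:
        raise ValueError("certificate_request_context mismatch")
    staples = [ocsp for _, ocsp in chain]
    if any(s is not None for s in staples) and EXT_STATUS_REQUEST not in req_exts:
        raise ValueError("client stapled OCSP without a server offer")
    return staples


# Constructed placeholders: a minimal DER SEQUENCE standing in for a real
# certificate and OCSP response. They are not parseable X.509/OCSP objects.
FAKE_CERT = b"\x30\x03\x02\x01\x01"
FAKE_OCSP = b"\x30\x03\x02\x01\x02"
CONTEXT = b"\xaa\xbb"

if __name__ == "__main__":
    req = build_certificate_request(CONTEXT, request_ocsp=True)
    cert = build_certificate(CONTEXT, [(FAKE_CERT, FAKE_OCSP), (FAKE_CERT, None)])
    print(server_accept_client_certificate(req, cert))
```

A server that, like BoringSSL per David's note, simply never emits the status_request offer in CertificateRequest will reject any client that staples anyway, which is the behaviour `server_accept_client_certificate` enforces when the offer is absent.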