Re: [TLS] Review of PR #209

Martin Thomson <martin.thomson@gmail.com> Wed, 16 September 2015 19:57 UTC

From: Martin Thomson <martin.thomson@gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Date: Wed, 16 Sep 2015 12:57:57 -0700
Subject: Re: [TLS] Review of PR #209
Message-ID: <CABkgnnUzDKxHeVuR8DQ32Tdbe-8e81WyEdbz6kXnrFcbnSiq+Q@mail.gmail.com>
In-Reply-To: <BLUPR03MB13960041C5E8E14B8452BDF78C5B0@BLUPR03MB1396.namprd03.prod.outlook.com>
References: <CABkgnnWtUjH1b3xm_peffNxNpxXE9rudJLJpn1ExNpE7B29AhA@mail.gmail.com> <BLUPR03MB13962416E8D8AD71CFFE13C08C5C0@BLUPR03MB1396.namprd03.prod.outlook.com> <20150916153041.GA14682@LK-Perkele-VII> <CABkgnnVbJvFQ217Yq7eVLV+_cuQOUVoi1Ydixq5zBC9Zju1U-g@mail.gmail.com> <20150916182459.GA15546@LK-Perkele-VII> <BLUPR03MB13960041C5E8E14B8452BDF78C5B0@BLUPR03MB1396.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/wNO_q0b9PXLaHqzcLQWatI5eqZc>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

On 16 September 2015 at 12:28, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
> But I would argue that the application will only volunteer certs if it has out-of-band knowledge that client auth is required, and also knows exactly which cert is required. Otherwise, CertificateRequest should be used.

I'm OK with that.  We might expect that CertificateRequest has been
sent by some other means than TLS in those cases.

(I don't necessarily think that signature_algorithms is sufficient,
just that it might be in some cases.)