[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf-tls
Subject: Re: [TLS] [Editorial Errata Reported] RFC8446 (6204)
From: "Martin Thomson" <mt () lowentropy ! net>
Date: 2020-06-09 0:55:40
Message-ID: 67c0d137-b5ae-4fb5-bc42-d68726e082d8 () www ! fastmail ! com
[Download RAW message or body]
On Fri, Jun 5, 2020, at 03:54, Russ Housley wrote:
> > On Jun 4, 2020, at 12:37 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> > Changing:
> > TLS 1.3 does not permit the server to send a CertificateRequest
> > message when a PSK is being used. This restriction is removed when
> > the "tls_cert_with_extern_psk" extension is negotiated, allowing
> > certificate-based authentication for both the client and the
> > server. To: TLS 1.3 does not permit the server to send a
> > CertificateRequest message when a PSK is being used. This restriction
> > is removed when the "tls_cert_with_extern_psk" extension is
> > negotiated, allowing certificate-based authentication for both the
> > client and the server.
> >
> > To:
> > TLS 1.3 does not permit the server to send a CertificateRequest
> > message when a PSK is being used. This restriction is removed when
> > the "tls_cert_with_extern_psk" extension is negotiated, allowing
> > certificate-based authentication for both the client and the
> > server. To: TLS 1.3 does not permit the server to send a
> > CertificateRequest message when a PSK is being used. This
> > restriction is removed for the main handshake when the
> > "tls_cert_with_extern_psk" extension is negotiated, allowing
> > certificate-based authentication for both the client and the
> > server. This extension has no impact on external PSK usage
> > with post-handshake authentication, which is prohibited by
> > TLS 1.3.
I see four copies of nearly the same text here, I just want to confirm that it is \
this last one that we are talking about:
> TLS 1.3 does not permit the server to send a CertificateRequest message when a PSK \
> is being used. This restriction is removed for the main handshake when the \
> "tls_cert_with_extern_psk" extension is negotiated, allowing certificate-based \
> authentication for both the client and the server. This extension has no impact on \
> external PSK usage with post-handshake authentication, which is prohibited by TLS \
> 1.3.
> This works for me. I wonder if "initial handshake" would be better than
> "main handshake"
"initial" or "main" both add confusion here, I would strike the qualification. In \
TLS, there is only one handshake.
If you want to talk about use of a resumption PSK in this context, then maybe add \
another sentence that highlights the fact that a resumption PSK that is created from \
a connection that uses "tls_cert_with_extern_psk" can be used, but the resulting \
handshake cannot involve a CertificateRequest, though a post-handshake \
CertificateRequest is permitted.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic