[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf-tls
Subject: Re: [TLS] Can flags be responded to with an extension?
From: Eric Rescorla <ekr () rtfm ! com>
Date: 2022-04-13 22:53:34
Message-ID: CABcZeBNMXfi2Uv5XYS7Uc=W7H=2qYN0vS63A0Hzc-EkNVtC+4g () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Wed, Apr 13, 2022 at 3:51 PM Benjamin Kaduk <bkaduk@akamai.com> wrote:
> On Wed, Apr 13, 2022 at 10:56:49AM -0700, Eric Rescorla wrote:
> > Consider the case where the client wants to offer some capability that
> > the server then responds to with real data, rather than just an
> > acknowledgement.
> >
> > For instance, supposing the SCT extension from RFC 6962 did not exist,
> > the client would want to indicate support in CH and the server would
> > send the SCT in CERT, but this extension would need to be non-empty
> > and hence not a flag. draft-ietf-tls-tlsflags-09 seems a bit
> > uncelar on this point (unless I'm missing it) but I think we
> > should explicitly allow it.
>
> In my head this was already disallowed. I couldn't swear to whether
> we actually talked about it previously or not, though.
>
That's certainly possible, though I couldn't find text one way or another
-Ekr
[Attachment #5 (text/html)]
<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Wed, Apr 13, 2022 at 3:51 PM Benjamin Kaduk <<a \
href="mailto:bkaduk@akamai.com">bkaduk@akamai.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">On Wed, Apr 13, 2022 at 10:56:49AM -0700, Eric \
Rescorla wrote:<br> > Consider the case where the client wants to offer some \
capability that<br> > the server then responds to with real data, rather than just \
an<br> > acknowledgement.<br>
> <br>
> For instance, supposing the SCT extension from RFC 6962 did not exist,<br>
> the client would want to indicate support in CH and the server would<br>
> send the SCT in CERT, but this extension would need to be non-empty<br>
> and hence not a flag. draft-ietf-tls-tlsflags-09 seems a bit<br>
> uncelar on this point (unless I'm missing it) but I think we<br>
> should explicitly allow it.<br>
<br>
In my head this was already disallowed. I couldn't swear to whether<br>
we actually talked about it previously or not, \
though.<br></blockquote><div><br></div><div>That's certainly possible, though I \
couldn't find text one way or \
another</div><div><br></div><div>-Ekr</div></div></div>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic