
List:       ietf-tls
Subject:    Re: [TLS] Can flags be responded to with an extension?
From:       Eric Rescorla <ekr () rtfm ! com>
Date:       2022-04-13 22:53:34
Message-ID: CABcZeBNMXfi2Uv5XYS7Uc=W7H=2qYN0vS63A0Hzc-EkNVtC+4g () mail ! gmail ! com


On Wed, Apr 13, 2022 at 3:51 PM Benjamin Kaduk <bkaduk@akamai.com> wrote:

> On Wed, Apr 13, 2022 at 10:56:49AM -0700, Eric Rescorla wrote:
> > Consider the case where the client wants to offer some capability that
> > the server then responds to with real data, rather than just an
> > acknowledgement.
> >
> > For instance, supposing the SCT extension from RFC 6962 did not exist,
> > the client would want to indicate support in CH and the server would
> > send the SCT in CERT, but this extension would need to be non-empty
> > and hence not a flag. draft-ietf-tls-tlsflags-09 seems a bit
> > unclear on this point (unless I'm missing it) but I think we
> > should explicitly allow it.
>
> In my head this was already disallowed.  I couldn't swear to whether
> we actually talked about it previously or not, though.
>

That's certainly possible, though I couldn't find text one way or another.

-Ekr



