Sorry, I misread this text. But I think the text still needs changing
for the reasons given below.
Eliot
On 02.02.23 08:26, Eliot Lear wrote:
Section 4.2.9 reads:
The Request-Action TLV MAY be sent by both the peer and the server in
response to a successful or failed Result TLV.
I suggest that this text be changed to allow a Request-Action TLV to
be sent at any time. The reasoning for this is that even with a
successful TLS exchange, the *server* may decide that the client needs
a new certificate. That may be due to many factors, including trust
anchor changes or some sort of compromise condition.
Since nobody previously implemented the PKCS#10/PKCS#7 TLVs, this
shouldn't cause interoperability problems with earlier configs.
Eliot
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu