Re: [TLS] stapling OCSP/CT for client cert?

2017-02-22 Thread David Benjamin
Looks like TLS 1.3 already allows this for CT, though not OCSP. Would take all of four characters to fix. See this table: https://tlswg.github.io/tls13-spec/#rfc.section.4.2 One of the nice things about using TLS-style extensions in CertificateRequest is any ClientHello => (Server)Certificate

[TLS] stapling OCSP/CT for client cert?

2017-02-22 Thread Salz, Rich
Any thoughts on being able to staple OCSP (or CT) data to a client cert once requested by the server? -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richs...@jabber.at Twitter: RichSalz

Re: [TLS] Last call comments and WG Chair review of draft-ietf-tls-ecdhe-psk-aead

2017-02-22 Thread Ilari Liusvaara
On Wed, Feb 22, 2017 at 08:04:13AM +, Salz, Rich wrote:
> Why not just say
> The CCM cipher suites are not (currently) defined for TLS 1.3
>
> And leave it at that. We're all quite proud of the fact, and deservedly so, that we only have three ciphers defined for TLS 1.3. Let's try

Re: [TLS] Last call comments and WG Chair review of draft-ietf-tls-ecdhe-psk-aead

2017-02-22 Thread Yoav Nir
> On 22 Feb 2017, at 8:42, Martin Thomson wrote:
>
> On the interaction with TLS 1.3, we probably need a decision to be made:
>
> 1. strike TLS 1.3 from the document and only mention it in the way Joe suggests, TLS 1.3 doesn't get the CCM suites (it already has the

Re: [TLS] Last call comments and WG Chair review of draft-ietf-tls-ecdhe-psk-aead

2017-02-22 Thread Salz, Rich
Why not just say
The CCM cipher suites are not (currently) defined for TLS 1.3

And leave it at that. We're all quite proud of the fact, and deservedly so, that we only have three ciphers defined for TLS 1.3. Let's try to hold that position as long as possible.