Some commentary on client authentication slides (there is no linked draft nor other material yet).
- Mechanism like proposed looks dangerous when combined with HTTP/2. Multiplexed protocols are in general not safe to authenticate without application-layer signaling (which can be implicit via separate connections), especially if dealing with something like web environment. - Regarding last point about interleaving: Assuming the scheme works in 1RTT (and I see no reason for requiring more rounds), you can't prevent application_data transmission after certificate_request. The best that can be done is to require the client to send all the authentication-related data in one go. - The certificate_types field in CertificateRequest is pretty much useless, since all supported algorithms are of signature type. - One can't just remove fields without breaking parse compatiblity, but adding field breaks parse compatiblity too, so removing field at the same time isn't a problem. - How does extension_values work? If multiple values for one OID are allowed, then the OID/value pair is repeated, once for each value? -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls