On Fri, May 19, 2017 at 03:04:49PM +0530, Sankalp Bagaria wrote:
> Hi,
> 
> I would like to mention that TLS can be used with non-X.509 certificates
> also.
> In particular, it can be used with ITS ETSI and IEEE certificates.
> https://datatracker.ietf.org/doc/html/draft-serhrouchni-tls-certieee1609
> 
> So, in my opinion, TLS should be very loosely or not at all coupled with
> RFC 5280.

Just commenting on that draft, I don't see anything that would specify
how the certificate message itself is formatted in TLS 1.2 if those
types are used (I presume the same as the usual TLS 1.2 X.509
certificate message[1][2]). If the formatting is the same as X.509 one,
mapping that to TLS 1.3 will be straightforward. If it is not the same,
then the mapping to TLS 1.3 has to be explicitly defined.


The reason formatting for TLS 1.2 is significant is that for TLS 1.2, it
looks like each certificate type defines its own format (and none of the
three formats so far is the same). Also, avoid putting in any
non-certificate fields, as that causes major problems with TLS 1.3 (as seen
with OpenPGP type[3]).



[1] This is a list (24-bit length) of non-empty octet strings (24-bit
length).

[2] That the message formatting is the same does not imply that the
octet string contents are in any way the same.

[3] Also, RPK had its own format in TLS 1.2, but TLS 1.3 specification
explicitly gives RPK type a new format.


-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
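As an added example (not part of this thread, and not code from any of the drafts or RFCs it mentions), the following Python encodes and decodes the TLS 1.2 Certificate message body as described in footnote [1] (a 24-bit-length list of non-empty 24-bit-length opaque entries, per RFC 5246) and the TLS 1.3 form (a certificate_request_context plus a list of CertificateEntry values that each carry a per-entry extensions block, per RFC 8446), then performs the "straightforward" mapping the message describes: each opaque entry becomes a CertificateEntry with empty extensions. The certificate bytes are constructed placeholders, not real DER certificates; the function names are this example's own.

```python
# Added example: TLS 1.2 vs TLS 1.3 Certificate message body encoding and the
# 1.2 -> 1.3 mapping that is possible when the 1.2 entries are plain opaque
# certificate blobs. Not taken from the thread or from any RFC/draft text.


def _vec(data, length_bytes):
    """Encode a TLS variable-length vector: big-endian length prefix + data."""
    return len(data).to_bytes(length_bytes, "big") + data


def _read_vec(buf, off, length_bytes):
    """Decode a TLS vector at buf[off:]; returns (data, new_offset)."""
    if off + length_bytes > len(buf):
        raise ValueError("truncated length field")
    n = int.from_bytes(buf[off:off + length_bytes], "big")
    off += length_bytes
    if off + n > len(buf):
        raise ValueError("truncated vector body")
    return buf[off:off + n], off + n


def encode_tls12_certificate(certs):
    """TLS 1.2 (RFC 5246): opaque ASN.1Cert<1..2^24-1> certificate_list<0..2^24-1>."""
    for c in certs:
        if not c:
            raise ValueError("certificate entries must be non-empty")
    return _vec(b"".join(_vec(c, 3) for c in certs), 3)


def decode_tls12_certificate(msg):
    """Parse a TLS 1.2 Certificate body into a list of opaque entries."""
    body, end = _read_vec(msg, 0, 3)
    if end != len(msg):
        raise ValueError("trailing bytes after certificate_list")
    certs, off = [], 0
    while off < len(body):
        c, off = _read_vec(body, off, 3)
        if not c:
            raise ValueError("empty certificate entry")  # ASN.1Cert is <1..>
        certs.append(c)
    return certs


def encode_tls13_certificate(certs, context=b"", extensions=None):
    """TLS 1.3 (RFC 8446): certificate_request_context<0..2^8-1> followed by
    CertificateEntry certificate_list<0..2^24-1>, where each entry is
    cert_data<1..2^24-1> + extensions<0..2^16-1>."""
    extensions = extensions if extensions is not None else [b""] * len(certs)
    entries = b"".join(_vec(c, 3) + _vec(e, 2) for c, e in zip(certs, extensions))
    return _vec(context, 1) + _vec(entries, 3)


def decode_tls13_certificate(msg):
    """Parse a TLS 1.3 Certificate body into (context, [(cert_data, extensions)])."""
    context, off = _read_vec(msg, 0, 1)
    entries, off = _read_vec(msg, off, 3)
    if off != len(msg):
        raise ValueError("trailing bytes after certificate_list")
    out, p = [], 0
    while p < len(entries):
        c, p = _read_vec(entries, p, 3)
        if not c:
            raise ValueError("empty cert_data")
        ext, p = _read_vec(entries, p, 2)
        out.append((c, ext))
    return context, out


def map_tls12_to_tls13(msg12, context=b""):
    """The mapping that works when 1.2 entries are pure certificate octets:
    every opaque entry becomes a CertificateEntry with empty extensions.
    Any non-certificate field a 1.2 type had smuggled into the list would
    end up inside cert_data here, which is the problem the message warns about."""
    return encode_tls13_certificate(decode_tls12_certificate(msg12), context)


# Constructed placeholder "certificates" (tiny DER SEQUENCEs, not real certs).
CERT_A = b"\x30\x03\x02\x01\x01"
CERT_B = b"\x30\x03\x02\x01\x02"


def demo():
    msg12 = encode_tls12_certificate([CERT_A, CERT_B])
    msg13 = map_tls12_to_tls13(msg12)
    return msg12, msg13, decode_tls13_certificate(msg13)


if __name__ == "__main__":
    m12, m13, parsed = demo()
    print("TLS 1.2 body:", m12.hex())
    print("TLS 1.3 body:", m13.hex())
    print("TLS 1.3 parsed:", parsed)
```

The two decoders reject empty entries and trailing bytes, which is the check a TLS implementation would also apply; the mapping function is only meaningful because the 1.2 entries are opaque certificate octets and nothing else.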
