Ilari Liusvaara wrote:
>On Wed, Jun 07, 2017 at 05:38:59AM +0000, Raja ashok wrote:
>> Hi Victor & Alessandro,
>>
>> I have gone through the draft and I am having a doubt.
>>
>>> The extension only affects the Certificate message from the server.
>>> It does not change the format of the Certificate message sent by the
>>> client.
>>
>> This draft provides a mechanism to compress only the server certificate
>> message, not the client certificate message. I feel client authentication
>> is not performed in HTTPS of web application. But in all other applications
>> (e.g. Wireless sensor network) certificate based client authentication is
>> more important.
>>
>> So I suggest we should consider compression on client certificate message
>> also.
>
> Doing client certificate compression would add some complexity, because
> the compression indication currently needs to be external to certificates,
> and there is no place to stick such indication for client certificate.

A TLS extension could do this indication just fine.

ASN.1 DER encoded X.509v3 certificates all have the same first 12 bits.
0x30 0x8*

So sending an indication inband should also be possible.

But a negotiated TLS extension (proposed by client in ClientHello,
confirmed by server in ServerHello) could also change the Certificate PDU
to provide room for a separate indicator.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
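
The in-band indication suggested in the reply above, as an added example that is not code from the thread or from the draft: a receiver checks for the fixed `0x30 0x8*` DER prefix and only otherwise treats the bytes as compressed. It assumes zlib as the compression format, uses a constructed DER-shaped byte string rather than a real certificate, and the function names are hypothetical.

```python
import zlib

# Constructed sample: a DER SEQUENCE of 100 INTEGER 0 values (300 content
# bytes). It has the shape of a certificate's outer header, nothing more.
SAMPLE_DER = b"\x30\x82\x01\x2c" + b"\x02\x01\x00" * 100

def der_outer_header(buf):
    """Return (header_len, content_len) when buf opens with a DER SEQUENCE
    in long-form length (the 0x30 0x8* prefix), else None."""
    if len(buf) < 3 or buf[0] != 0x30 or buf[1] & 0xF0 != 0x80:
        return None
    n = buf[1] & 0x0F                  # count of length octets that follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        return None                    # 0x80 alone is indefinite length (BER)
    length = int.from_bytes(buf[2:2 + n], "big")
    if length < 0x80 or buf[2] == 0:
        return None                    # DER demands the minimal length form
    return 2 + n, length

def is_whole_der(buf):
    hdr = der_outer_header(buf)
    return hdr is not None and sum(hdr) == len(buf)

def classify_cert_payload(buf, max_len=1 << 16):
    """Return ("der" | "zlib" | "unknown", certificate bytes or None)."""
    if is_whole_der(buf):
        return "der", buf
    # A zlib stream's first byte (CMF) has low nibble 8 (deflate), so it can
    # never be 0x30: the two encodings cannot be confused on the first byte.
    d = zlib.decompressobj()
    try:
        out = d.decompress(buf, max_len)   # cap output against bombs
    except zlib.error:
        return "unknown", None
    if not d.eof or d.unconsumed_tail or d.unused_data:
        return "unknown", None             # truncated, oversized or trailing junk
    return ("zlib", out) if is_whole_der(out) else ("unknown", None)
```

The prefix test only holds for certificates of at least 128 bytes, where DER uses the long length form, and a compression format without a fixed first byte would need the separate indicator mentioned in the reply.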