On Mon, Jul 03, 2017 at 05:01:55PM -0700, Eric Rescorla wrote:
> I wanted to call the WG's attention to one issue:
>
> Currently the extension table says that server_certificate_type goes
> in the Certificate message, whereas client_certificate_type does
> not. My reasoning for the latter is that the extensions are attached
> to individual certificate elements, so it was non-sensical to have a
> situation where you might have cert A be X.509 and cert B be PGP. I
> think we should just change server_certificate_type to go in EE, and
> then maybe in future if people want something cleverer they can add it
> then. I didn't want to do this without WG discussion, but I think we
> should and if people don't object I'll do it in a -22.

The certificate type is certainly associated with the certificate chain.
However, it only makes sense for server certificate and there can only
be one such thing[1] and the data is small, so one could stick the type
in EE.

[1] Exported authenticators do not count, since the way those work is
rather different from usual TLS certificate authentication.

-Ilari