On Fri, Jul 21, 2017 at 10:34 PM, Ilari Liusvaara <ilariliusva...@welho.com> wrote: > On Fri, Jul 21, 2017 at 10:17:08PM -0700, Watson Ladd wrote: >> On Fri, Jul 21, 2017 at 12:55 PM, Benjamin Kaduk <bka...@akamai.com> wrote: >> > Unrelated to Ilari's questions, I wonder if we want to say anything about >> > certificate_request_context values being unique across both in-TLS >> > post-handshake auth and exported authenticators. >> >> This context is not a security sensitive thing: it is for disambiguation. > > I'm not so sure about that. > > If crc is repeated within a connection, then the old certificate > message can be replayed. > > If crc is guessed, then reply can be pregenerated anytime during > connection. > > However, neither seems crticial, but might be of magnitude to note.
Yes, if we want freshness then we need a challenge-response protocol. I don't recall if the H2 draft does. > > > -Ilari -- "Man is born free, but everywhere he is in chains". --Rousseau. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls