I see that I was a bit sloppy. The client is still authenticated with flight 3. The client authentication credential and signature are sent in flight 1. This has benefits for the DoS protection in DTLS and QUIC. While identity protection is important for personal devices, it is typically not important for infrastructure use of mTLS.
Cheers, John Preuß Mattsson From: Russ Housley <[email protected]> Date: Wednesday, 11 March 2026 at 17:00 To: John Mattsson <[email protected]>, Ilari Liusvaara <[email protected]> Cc: <[email protected]> Subject: Re: [TLS] Comments on draft-housley-tls-using-mls-handshake John and Ilari: On Mar 8, 2026, at 6:12 PM, John Mattsson <[email protected]> wrote: Ilari Liusvaara wrote: >> - Normal MTLS 1.3 performs authentication in flights 2 and 3. This >> draft moves it earlier (flights 1 and 2). The draft should describe >> this change. > >Doesn't this expose client certificate in plaintext if using mTLS? Yes, this was a choice. It could be adjusted. The reason for making this choice was to avoid spending resources on the normai TLS key management if the MLS option was going to be chosen. Russ
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
