On 03/29/2017 01:48 PM, Sean Leonard wrote:
> If you are saying that the receiver is only expected to handle TLS
> 1.2-ordered certificates: “Each following certificate MUST directly
> certify the one preceding it” (MUST, not SHOULD) then we have a
> different situation and PKCS #7/CMS certs-only may not be appropriate.
> But the text does not currently say that, so I need clarification
> before suggesting a better data format for the certificate chain.
In general, the expectation is that the ACME client passes the
certificate chain straight to a web server or other TLS server.
Generally speaking, the TLS server will then pass along the chain in the
same order to the TLS client during the handshake. So I assume by
"receiver" you mean TLS client, right?

My understanding of TLS deployment is that, even though TLS 1.2, 1.1,
and 1.0 required strict ordering of certificates in the chain, deployed
clients were actually tolerant of out-of-order certificates. I haven't
followed TLS 1.3 standardization closely, but my guess is that that's
the reason the ordering requirement was relaxed.

So I think the answer to your question is: The receiver (TLS client) is
expected to handle TLS 1.3-ordered certificates, and our belief is that
that's reasonable given today's deployments.
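To make the two positions concrete, here is an added example in Go's standard crypto/x509 package (not code from this thread or from any ACME client): the strict TLS 1.2 rule is simply `chain[i-1].CheckSignatureFrom(chain[i]) == nil` for every i, and OrderChain shows what a tolerant receiver has to do to recover that order from an unordered bag such as a PKCS #7 certs-only payload. The hierarchy (Example Root, Example Intermediate, example.test) is constructed in memory for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// OrderChain rebuilds the TLS 1.2 order (each appended certificate directly certifies the one
// before it) from the leaf and an unordered bag, e.g. a PKCS #7 certs-only payload. It stops when
// no unused issuer is left (self-signed root, or root omitted); ok is false if a bag cert hangs loose.
func OrderChain(leaf *x509.Certificate, bag ...*x509.Certificate) ([]*x509.Certificate, bool) {
	chain, used := []*x509.Certificate{leaf}, map[*x509.Certificate]bool{leaf: true}
	for grew := true; grew; {
		grew = false
		for _, c := range bag {
			if !used[c] && chain[len(chain)-1].CheckSignatureFrom(c) == nil {
				chain, used[c], grew = append(chain, c), true, true
				break
			}
		}
	}
	for _, c := range bag {
		if !used[c] { // left over: typically the intermediate that would link it is missing
			return chain, false
		}
	}
	return chain, true
}
// makeCert issues a constructed throwaway certificate, self-signed when parent is nil.
func makeCert(cn string, ca bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: ca, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pkey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// ConstructedChain builds root -> intermediate -> leaf in memory (test material, not ACME-issued).
func ConstructedChain() (*x509.Certificate, *x509.Certificate, *x509.Certificate) {
	root, rkey := makeCert("Example Root", true, nil, nil)
	inter, ikey := makeCert("Example Intermediate", true, root, rkey)
	leaf, _ := makeCert("example.test", false, inter, ikey)
	return leaf, inter, root
}
```

A server that only ever forwards what the ACME client handed it gets no benefit from OrderChain; it matters at whichever hop has to turn an unordered certs-only bag into the strict sequence before putting it on the wire.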

_______________________________________________
Acme mailing list
https://www.ietf.org/mailman/listinfo/acme