On Wed, Sep 4, 2024 at 1:11 PM Eliot Lear <l...@lear.ch> wrote:

> I would argue that you're still being inaccurate. That is the message
> type. If you would rather, then you should specify that "both X509 and
> RawPublicKey forms of CertificateType should be supported" (those are the
> only two forms permitted). A raw public key is NOT a certificate.

But a raw key is in SPKI format isn't it? I would call that X.509 as well?

Paul

> Eliot
>
> On 04.09.2024 17:37, Mohit Sethi wrote:
>
> This should be disregarded. RPK is a TLS certificate type. See the IANA
> registry for TLS Certificate Types:
> https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#tls-extensiontype-values-3.
>
> Specifically, TLS Certificate Type value of 2 corresponds to RPK (raw
> public key). In TLS, the RPK is even carried in the Certificate message.
>
> See RFC 8446:
>
>     enum {
>         X509(0),
>         RawPublicKey(2),
>         (255)
>     } CertificateType;
>
>     struct {
>         select (certificate_type) {
>             case RawPublicKey:
>               /* From RFC 7250 ASN.1_subjectPublicKeyInfo */
>               opaque ASN1_subjectPublicKeyInfo<1..2^24-1>;
>
>             case X509:
>               opaque cert_data<1..2^24-1>;
>         };
>         Extension extensions<0..2^16-1>;
>     } CertificateEntry;
>
>     struct {
>         opaque certificate_request_context<0..2^8-1>;
>         CertificateEntry certificate_list<0..2^24-1>;
>     } Certificate;
>
> --Mohit
>
> On 9/4/24 18:24, RFC Errata System wrote:
>
> The following errata report has been submitted for RFC9190,
> "EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3".
>
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid8094
>
> --------------------------------------
> Type: Technical
> Reported by: Eliot Lear <l...@lear.ch>
>
> Section: 2.1.1
>
> Original Text
> -------------
> Certificates can be of any type supported by TLS including raw
> public keys.
>
> Corrected Text
> --------------
> Certificates can be of any type supported by TLS. Raw public keys may
> also be used.
>
> Notes
> -----
> A raw public key specifically is **not** a certificate.
>
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
>
> --------------------------------------
> RFC9190 (draft-ietf-emu-eap-tls13-21)
> --------------------------------------
> Title            : EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3
> Publication Date : February 2022
> Author(s)        : J. Preuß Mattsson, M. Sethi
> Category         : PROPOSED STANDARD
> Source           : EAP Method Update
> Stream           : IETF
> Verifying Party  : IESG
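An added example, not taken from any message in this thread or from RFC 8446: a Python parser for the `Certificate` structure quoted above. It shows that a `CertificateEntry` carries no type tag on the wire, so the receiver interprets each entry under the certificate type negotiated earlier in the handshake (the `client_certificate_type` / `server_certificate_type` extensions of RFC 7250), and it rejects entries whose outer DER shape does not fit that type. The function names, the `SHAPES` table and the sample bytes are assumptions constructed for illustration.

```python
X509, RAW_PUBLIC_KEY = 0, 2  # CertificateType values from the enum quoted in the thread

def read_vec(buf, off, width):
    """Read a TLS vector with a `width`-byte length prefix; return (data, next_off)."""
    start = off + width
    end = start + int.from_bytes(buf[off:start], "big")
    if start > len(buf) or end > len(buf):
        raise ValueError("truncated vector")
    return buf[start:end], end

def der_outline(der):
    """Return [outer_tag, child_tag, ...] for one DER element and its direct children."""
    tags, i = [], 0
    while i < len(der):
        if i + 2 > len(der):
            raise ValueError("truncated DER header")
        tag, n, i = der[i], der[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits count the length bytes that follow
            k = n & 0x7F
            n, i = int.from_bytes(der[i:i + k], "big"), i + k
        if i + n > len(der) or (not tags and i + n != len(der)):
            raise ValueError("bad DER length")
        tags.append(tag)
        if len(tags) > 1:
            i += n  # skip a child's content; only the outer element is entered
    return tags

# Outer shape only. SPKI: SEQ{SEQ alg, BITSTRING key}; Certificate: SEQ{SEQ, SEQ, BITSTRING}.
SHAPES = {RAW_PUBLIC_KEY: [0x30, 0x30, 0x03], X509: [0x30, 0x30, 0x30, 0x03]}

def parse_certificate(body, certificate_type):
    """Parse a TLS 1.3 Certificate body under the negotiated certificate_type."""
    context, off = read_vec(body, 0, 1)       # certificate_request_context<0..2^8-1>
    cert_list, off = read_vec(body, off, 3)   # certificate_list<0..2^24-1>
    entries, pos = [], 0
    while pos < len(cert_list):
        der, pos = read_vec(cert_list, pos, 3)   # SPKI or cert_data, same framing
        exts, pos = read_vec(cert_list, pos, 2)  # extensions<0..2^16-1>
        if der_outline(der) != SHAPES[certificate_type]:
            raise ValueError("entry does not match negotiated certificate_type")
        entries.append((der, exts))
    return context, entries

def build_certificate(der):
    """Wrap one DER blob as a Certificate body: empty context, no extensions."""
    entry = len(der).to_bytes(3, "big") + der + b"\x00\x00"
    return b"\x00" + len(entry).to_bytes(3, "big") + entry

# Constructed samples: Ed25519 SPKI with placeholder key bytes; empty certificate-shaped skeleton.
SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))
CERT_SKELETON = bytes.fromhex("300730003000030100")
```

The shape check inspects only the outer DER tags; it does not validate a certificate or a key.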