Ben,
Thanks for pointing that out, you are right. A client is jointly
authoritative if there was in-handshake client auth followed by a
post-handshake client auth. Subsequent client authentications can be
computed in any order and are disambiguated by the context id.
Nick
On Tue, May 23, 2017 at
On 05/23/2017 03:07 PM, Nick Sullivan wrote:
> 3) In TLS 1.3 post-handshake authentication, each successive
> certificate added to the connection is incorporated into the handshake
> state. The last certificate in a sequence of authentications would
> result in a connection in which the party could
Hi Watson,
Some points that should help clarify your questions:
1) The certificate used in the construction is no the plain certificate
chain, it's the TLS 1.3 certificate message which could contain extensions.
2) The finished message is used to bind the certificate+certificateverify
to the conne
Dear all,
I don't think this design needs to be as complex as it is. Why isn't
signing a party-dependent (server or client) exporter with the key of the
certificate, and then appending the certificate chain, enough? I am fairly
certain this gets the properties we need. Further, the language aroun
