On Thu, Feb 03, 2022 at 09:53:16AM -0800, Christopher Wood wrote:
>
> On Feb 3, 2022, at 9:49 AM, Jens Guballa wrote:
> >
> > Thanks for the clarification. Is there a value reserved for the
> > tls-flags extension? I couldn't find one, neither in the draft
> > nor in the IANA registry.
>
> Nope
I noticed that the "dnssec_chain" extension in the IANA registry lists
only "CH" in the "TLS 1.3" column. However, the extension sends its
response in the certificate message (section 2.2), so I think that
column should read "CH, CT".
-Ilari
On Wed, Feb 16, 2022 at 05:45:47AM +, Kampanakis, Panos wrote:
> Good comments, thank you Ilari.
>
> To answer your comments
>
> > 1) There are a few "shall" in the text. Should those be "SHALL"?
>
> The two "shall" refer to draft-ietf-tls-tlsflags. Based on experience
> from previous dra
The UTA chairs issued a 2nd WGLC. Please send replies to: u...@ietf.org.
Cheers,
spt
> Begin forwarded message:
>
> From: "Valery Smyslov"
> Subject: [Uta] Second WGLC for draft-ietf-uta-rfc7525bis-05
> Date: February 14, 2022 at 06:38:42 EST
> To: ,
> Cc: 'Leif Johansson' , uta-cha...@ietf.or
Hi
During Ben Kaduk’s AD review of draft-ietf-tls-subcerts, he noted that we need
to address whether the I-D can also apply to DTLS. This might be useful for
WebRTC, for example.
Right now the I-D exclusively mentions TLS. The fix might be as easy as a
global replace of TLS with (D)TLS. Can an
> Right now the I-D exclusively mentions TLS. The fix might be as easy as a
> global replace of TLS with (D)TLS. Can anybody think of a reason to preclude
> DTLS?
I can't think of one. I wonder if this also extends to QUIC and NTP security,
but that's up to those WGs or UTA I guess.
On Wed, Feb 16, 2022, at 22:26, Ilari Liusvaara wrote:
> I think the language in tlsflags about acknowledging extensions is
> confusing. Tlsflags behavior should be similar to extensions, which do
> not have acknowledgment requirement in base TLS (any acknowledgement
> requirement is per extension)
I see no reason to preclude DTLS. DTLS-OK should be Y.
Some quick comments on the document:
- "certificate key" seems undefined.
- "Delegated credentials do not provide any additional form of early
revocation."
I think this definitely requires more security considerations. For systems doing
On Thu, Feb 17, 2022, at 07:25, Sean Turner wrote:
> Right now the I-D exclusively mentions TLS. The fix might be as easy as
> a global replace of TLS with (D)TLS. Can anybody think of a reason to
> preclude DTLS?
I just checked and our implementation (thanks again Chris P) works and is
tested
On Wed, Feb 16, 2022 at 2:41 PM Kampanakis, Panos wrote:
> Some responses below (sorry long email):
>
No worries, I think this invites some long responses, in part, because it's
complex.
> > how is that functionally different than simply saying "Intermediate 2"
> is the Trust Anchor, using the