[TLS] DTLS support of SCHC

2022-06-14 Thread Robert Moskowitz
I have been doing more research on using SCHC with DTLS for general UDP applications. For this I am using MAVlink https://mavlink.io/en/ as my UDP app example. I see EKR's point on the small header design of DTLS 1.3 per RFC9147 fig 3. I will use: 2-byte CID, 1-byte Seq# (same as MAVlink)

Re: [TLS] Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

2022-06-14 Thread Nick Sullivan
Hi Éric, Thank you for your review. Responses inline and edits in Github ( https://github.com/tlswg/tls-subcerts/pull/108/files). > -- > COMMENT: > -- > > # Éri

Re: [TLS] [Last-Call] Genart last call review of draft-ietf-tls-subcerts-12

2022-06-14 Thread Nick Sullivan
Thanks Elwyn, I've updated the document in Github to address your nits ( https://github.com/tlswg/tls-subcerts/pull/108/files). Best, Nick On Wed, May 25, 2022 at 5:20 AM Lars Eggert wrote: > Elwyn, thank you for your review. I have entered a No Objection ballot for > this document. > > Lars >

Re: [TLS] Lars Eggert's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

2022-06-14 Thread Nick Sullivan
Hi Lars, Comments addressed inline and changes to the document are in Github ( https://github.com/tlswg/tls-subcerts/pull/108/files). Best, Nick On Wed, May 25, 2022 at 5:20 AM Lars Eggert via Datatracker < nore...@ietf.org> wrote: > Lars Eggert has entered the following ballot position for > d

Re: [TLS] Francesca Palombini's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

2022-06-14 Thread Nick Sullivan
Francesca and Christian, Thank you for the review. Answers inline below and changes in Github ( https://github.com/tlswg/tls-subcerts/pull/108/files). Best, Nick On Tue, May 31, 2022 at 11:49 AM Francesca Palombini via Datatracker < nore...@ietf.org> wrote: > Francesca Palombini has entered the

[TLS] Distinguished names for self certified TLS client authj

2022-06-14 Thread Phillip Hallam-Baker
[Yes, I am aware of the FIDO work and it is a completely different use case, does not apply to non web applications. TLS Client Auth is an IETF spec and thus within IETF scope.] I have an infrastructure that makes private key management really simple for end users. They can manage private keys acr

Re: [TLS] [EXTERNAL] [lamps] Distinguished names for self certified TLS client authj

2022-06-14 Thread Mike Ounsworth
Hi Phillip, What clients are you trying to use this with? Browsers? This almost feels like a user-agent question: "What CA DN do you want the server to prompt for so that you put up the right certs in the popup?". Is there a CA DN that you can specify that will cause FF / Chrome to show the use

Re: [TLS] Éric Vyncke's No Objection on draft-ietf-tls-subcerts-14: (with COMMENT)

2022-06-14 Thread Eric Vyncke (evyncke)
Thank you Nick for your reply and for the changes. Hope that this helped to improve the document, Regards -éric From: Nick Sullivan Date: Tuesday, 14 June 2022 at 12:47 To: Eric Vyncke Cc: The IESG , "draft-ietf-tls-subce...@ietf.org" , tls-chairs , "" , Joseph Salowey , Sean Turner Subj

Re: [TLS] [EXTERNAL] [lamps] Distinguished names for self certified TLS client authj

2022-06-14 Thread Phillip Hallam-Baker
Hmm... looks like this is a piece of brokenness in the browsers. I see this as a two step thing. First there is 'getting it to work in the legacy browsers' and then there is 'doing it the right way'. For the second step, I have actually written my own browser (yes really) and one of the goals of

Re: [TLS] [lamps] [EXTERNAL] Distinguished names for self certified TLS client authj

2022-06-14 Thread Jeffrey Walton
On Tue, Jun 14, 2022 at 11:14 PM Phillip Hallam-Baker wrote: > > Hmm... looks like this is a piece of brokenness in the browsers. I don't think client certs are a priority for Browsers. That would significantly hinder support of interception, which is a browser design goal under Priority of Const