[Uta] Re: [TLS] Re: [Ace] IoT certificate profile vs TLS SNI and subjectAltName

2025-01-09 Thread Valery Smyslov
Hi, On Mon, Jan 6, 2025 at 9:31 PM Watson Ladd <watsonbl...@gmail.com> wrote: On Mon, Jan 6, 2025 at 6:14 PM Eric Rescorla <e...@rtfm.com> wrote: > > > > On Mon, Jan 6, 2025 at 11:31 AM Michael Richardson wrote: >> >>

[Uta] Re: [TLS] Re: [Ace] IoT certificate profile vs TLS SNI and subjectAltName

2025-01-09 Thread Eric Rescorla
I see you're correct. I should have checked more closely rather than just trusting my memory. We would probably need some testing to see what happens in practice, of course. -Ekr On Thu, Jan 9, 2025 at 5:21 AM Valery Smyslov wrote: > Hi, > > > > On Mon, Jan 6, 2025 at 9:31 PM Watson Ladd wro

[Uta] Re: [TLS] Re: [Ace] IoT certificate profile vs TLS SNI and subjectAltName

2025-01-09 Thread Salz, Rich
Nice careful reading, Valery. EKR is right we need to test if this will work in practice. In particular, what are the chances that network middleboxes will reject it? :)

[Uta] Re: [TLS] [Ace] IoT certificate profile vs TLS SNI and subjectAltName

2025-01-09 Thread Viktor Dukhovni
On Thu, Jan 09, 2025 at 02:46:33PM +, Salz, Rich wrote: > > Nice careful reading, Valery. > > EKR is right we need to test if this will work in practice. In > particular, what are the chances that network middleboxes will reject > it? :) OpenSSL will need a patch: https://github.com/op

[Uta] Re: [Settle] IoT certificate profile vs TLS SNI and subjectAltName

2025-01-09 Thread Phillip Hallam-Baker
I am having difficulty seeing the value in this whole line of argument. What is the value in binding one random number (the public key) to an EUI-64? If we were writing some mechanism that would be acting on the network level, 802.1x or whatever, I could see some point. But even then, I am going