On Tue 2015-08-11 19:59:35 -0400, Martin Thomson wrote:
> On 11 August 2015 at 16:38, Clemens Hlauschek
> <clemens.hlausc...@rise-world.com> wrote:
[ MT wrote: ]
>>> NSS (incorrectly) adopts the posture that _ECDH_ suites are
>>> half-static: the server share is in the certificate, but the client
>>> side is fully ephemeral. This is clearly in violation of RFC 5246,
>>> Section 7.4.7 and RFC 4492, Section 3.2. I'm not going to worry about
>>> that right now :)
>>
>> Please elaborate. I do not see how this half-static behaviour
>> constitutes any violations of the mentioned RFCs.
>
> Both the above cited sections say very clearly that for fixed (EC)DH
> cipher suites the client where the client has a fixed (EC)DH
> certificate, the client MUST send an empty ClientKeyExchange.

that's not how i'm reading 5246 §7.4.7 -- i see it as saying if the
client has decided to send a fixed (EC)DH cert, then it MUST send an
empty ClientKeyExchange.

I see no requirement that a client MUST send a certificate if it has one
that satisfies the server's CertificateRequest (and i would be strongly
opposed to adding such a requirement -- clients should not be forced to
reveal identity to a server just because of CertificateRequest message
in the handshake).

so i think NSS is doing the Right Thing here too.

--dkg