On Mon, Aug 24, 2015 at 2:33 PM, Paul Wouters <p...@nohats.ca> wrote:
> On Mon, 24 Aug 2015, Eric Rescorla wrote:
>
>> TLS 1.3 encrypts both the client's and server's certificates already.
>> The server's certificate is secure only against passive attack.
>
> Not having read the TLS 1.3 draft, in IKE parties can send a hash of the
> CAs they trust, so unless you receive a hash of a known CA to you, you
> can withhold your own certificate from being sent.
>
> Is a similar mechanism not planned for TLS 1.3?

Well, TLS already permits the server to indicate the DN of CAs which should be
in the path. I have not heard of any plan to add a digest indication.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls