As discussed at the Interim, I've submitted a separate PR for TLS 1.3 CertificateRequest changes: https://github.com/tlswg/tls13-spec/pull/290
PR #290 includes the following changes: 1. Removes certificate_types, which are no longer needed. 2. Adds client cert selection by certificate extension values. This helps make CertificateRequest more specific and reduce the need for the confusing "choose a certificate" UI. Suggested text includes specific matching rules for KU and EKU extensions (these are most commonly asked for by the customers). Please review, Cheers, Andrei
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
