Anirudh noted [0] that existing implementation practices in TLS stacks may lead to additional complexity when implementing TLS cached info on the server side. The main issue is that the server needs to prepare the ServerHello (and list the CachedInfo extension) saying which payloads will subsequently modify. However, most implementations create each message somewhat independently and so it is not clear whether a certificate message, for example, will indeed contain the full payload or the fingerprint at the time of creating the ServerHello.
We need the WG to verify an AUTH48-proposed change to s4 of cached-info [1]. Please let us know whether you agree with the following changes by 14 July. The proposed changes can be seen in the diff: http://www.tschofenig.priv.at/Diff_rfc7924-before_after.pdf Cheers, J&S [0] https://www.ietf.org/mail-archive/web/tls/current/msg19493.html [1] https://datatracker.ietf.org/doc/draft-ietf-tls-cached-info/ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
