On Fri, Sep 23, 2016 at 11:05:10PM +0000, Nick Sullivan wrote:
> Thanks for the suggestions. I've restructured my PR to include an array of
> SingleCertificate objects in the Certificate structure.

It occurred to me that certain extensions might be considered to be
per-chain. Like e.g. type of the certificate. Where do extensions like
that go? Always to the extension block of the first certificate (except
that might cause somewhat of a cyclic dependency in parsing)?

And then there is the user_mapping. I presume a mechanism like this is to
be used to transport it (avoiding need to mess with new handshake
messages and such).
 
> Ilari: I agree that the post-handshake auth mechanism as currently described
> is a bit lacking, but I'd like to sort this out first.

Well, more like I was annoyed at having to implement that at all and the
fact that it requires remembering a hash state (which may be a quite
harsh requirement in some cases).


-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
