Hi all, I am wondering why the certificate_request_context field found in the CertificateRequest and in the Certificate message is so long. It is supposed to be used to match a certificate request against an incoming certificate.
Does the field really need to be up to 256 bytes long? I think 8 bytes should be more than enough.

I would also like to suggest changing the definition of certificate_request_context:

Here is the current text since the last sentence feels misleading:

"
certificate_request_context  An opaque string which identifies the certificate request and which will be echoed in the client’s Certificate message. The certificate_request_context MUST be unique within the scope of this connection (thus preventing replay of client CertificateVerify messages). Within the handshake, this field MUST be empty.
"

"
certificate_request_context  An opaque string which identifies the certificate request and which will be echoed in the client’s Certificate message. The certificate_request_context MUST be unique within the scope of this connection (thus preventing replay of client CertificateVerify messages). This field SHALL be zero length unless used for post-handshake authentication described in Section 4.5.2.
"

Ciao
Hannes
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
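
The rules in the quoted definition (zero length within the handshake, unique per connection, echoed in the client's Certificate) can be checked per connection as in the following added example, which is not part of the original message or of any TLS implementation. `ContextTracker`, `read_context` and the sample bytes are hypothetical and constructed; only the leading one-byte-length-prefixed context field is parsed, and the bytes after it are placeholders.

```python
# Added example: per-connection checks on certificate_request_context.
# Names and sample bytes are hypothetical; only the leading field is parsed.

class ContextError(ValueError):
    pass

def read_context(body: bytes) -> bytes:
    """Return the context at the start of a CertificateRequest/Certificate body."""
    if not body:
        raise ContextError("truncated: no length byte")
    n = body[0]                      # one-byte length prefix
    if len(body) < 1 + n:
        raise ContextError("truncated: context shorter than its length byte")
    return body[1:1 + n]

class ContextTracker:
    def __init__(self):
        self.seen = set()     # every context requested on this connection
        self.pending = set()  # requests not yet answered by a Certificate

    def on_request(self, body: bytes, post_handshake: bool) -> bytes:
        ctx = read_context(body)
        if not post_handshake and ctx:
            raise ContextError("context must be zero length within the handshake")
        if ctx in self.seen:
            raise ContextError("context reused on this connection")
        self.seen.add(ctx)
        self.pending.add(ctx)
        return ctx

    def on_certificate(self, body: bytes) -> bytes:
        ctx = read_context(body)
        if ctx not in self.pending:
            raise ContextError("Certificate echoes no outstanding request")
        self.pending.remove(ctx)
        return ctx

if __name__ == "__main__":
    t = ContextTracker()
    t.on_request(b"\x00" + b"\x00\x00", post_handshake=False)  # constructed: empty context
    t.on_certificate(b"\x00" + b"\x00\x00\x00")
    req = bytes([8]) + bytes(range(8)) + b"\x00\x00"           # constructed: 8-byte context
    t.on_request(req, post_handshake=True)
    try:
        t.on_request(req, post_handshake=True)
    except ContextError as e:
        print("rejected:", e)
```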