On Thu, Oct 20, 2016 at 09:32:36AM -0700, Eric Rescorla wrote:
> Folks,
>
> I have just uploaded draft-ietf-tls-tls13-17.

Updated my own implementation from -16 to -17 (TODO: Add to implementations page, it isn't any of the ones listed).

And since that implementation supports RFC7250 (for the server certificate), here is my interpretation of it:

The certificate type is sent in extensions of the EE certificate, via the usual server_certificate_type extension (using the server-side syntax from RFC7250).

Okay, the extension is after the certificate it attaches to (which is just weird), but it turns out this wasn't that bad to implement, due to how the code happened to be laid out (it first sliced the certificate message to extract the certificates and only afterwards processed those).

...

Interop tests with picotls failed:

- Picotls sends extension 13 (signature_algorithms) in ServerHello, which my implementation does not like[1].
- Picotls still seems to have the resumption_context mixed into hashes. I thought that got nuked when switching to "finished stuffing"? This causes wrong encryption keys to be derived, causing the handshake to blow up.

[1] Wasn't this ripped out in -17? The -17 draft seems to list that extension as "clear", shouldn't it be "client" as AFAIK the server won't send it?

-Ilari