On Fri, Oct 21, 2016 at 2:33 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:

> On Thu, Oct 20, 2016 at 09:32:36AM -0700, Eric Rescorla wrote:
> > Folks,
> >
> > I have just uploaded draft-ietf-tls-tls13-17.
>
> Updated my own implementation from -16 to -17 (TODO: Add to
> implementations page, it isn't any of the ones listed).
>

Please do. We're working on ours so interop testing would be great.

> And since that implementation supports RFC7250 (for the server
> certificate), here is my interpretation of it:
>
> The certificate type is sent in extensions of EE certificate,
> via the usual server_certificate_type extension (using the server-side
> syntax from RFC7250).
>

I think this probably should go in Encrypted Extensions.

> ... Interop tests with picotls failed:
>
> - Picotls sends extension 13 (signature_algorithms) in ServerHello,
>   which my implementation does not like[1].
>

You are correct.

> - Picotls still seems to have the resumption_context mixed into
>   hashes. I thought that got nuked when switching to "finished
>   stuffing"? This causes wrong encryption keys to be derived,
>   causing the handshake to blow up.
>

It did.

> [1] Wasn't this ripped out in -17? The -17 draft seems to list that
> extension as "clear", shouldn't it be "client" as AFAIK the
> server won't send it?
>

Thanks. That got missed in the update.

-Ekr

>
> -Ilari
>