On Fri, Oct 21, 2016 at 04:39:59AM -0700, Eric Rescorla wrote: > On Fri, Oct 21, 2016 at 2:33 AM, Ilari Liusvaara <ilariliusva...@welho.com> > wrote: > > And since that implementation supports RFC7250 (for the server > > certificate), here is my interpretation of it: > > > > The certificate type is sent in extensions of EE certificate, > > via the usual server_certificate_type extension (using the server-side > > syntax from RFC7250). > > > > I think this probably should go in Encrypted Extensions.
It is definitely related to the certificate chain, and the spec says such things should go to the first certificate slot (and indeed the table about extensions says it goes to certificate extensions block (but not which one). The client_certificate_type (which I am not using) is listed to go to EncryptedExtensions, which definitely looks wrong to me, being another extension related to the certificate chain. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
