On Fri, Oct 21, 2016 at 7:00 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> On Fri, Oct 21, 2016 at 04:39:59AM -0700, Eric Rescorla wrote:
> > On Fri, Oct 21, 2016 at 2:33 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> >
> > > And since that implementation supports RFC7250 (for the server
> > > certificate), here is my interpretation of it:
> > >
> > > The certificate type is sent in extensions of EE certificate,
> > > via the usual server_certificate_type extension (using the server-side
> > > syntax from RFC7250).
> > >
> >
> > I think this probably should go in Encrypted Extensions.
>
> It is definitely related to the certificate chain,

My argument would be that it doesn't belong in "individual certificates" because
it applies to certificates as a whole. It's not like it would be legal to have a
7250 cert followed by an X.509 cert, one hopes

-Ekr

> and the spec
> says such things should go to the first certificate slot (and indeed
> the table about extensions says it goes to certificate extensions
> block (but not which one).
>
> The client_certificate_type (which I am not using) is listed to go to
> EncryptedExtensions, which definitely looks wrong to me, being another
> extension related to the certificate chain.
>
>
> -Ilari
>
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls