On Fri, Oct 21, 2016 at 08:00:33AM -0700, Eric Rescorla wrote: > On Fri, Oct 21, 2016 at 7:00 AM, Ilari Liusvaara <ilariliusva...@welho.com> > wrote: > > > On Fri, Oct 21, 2016 at 04:39:59AM -0700, Eric Rescorla wrote: > > > On Fri, Oct 21, 2016 at 2:33 AM, Ilari Liusvaara < > > ilariliusva...@welho.com> > > > wrote: > > > > > > And since that implementation supports RFC7250 (for the server > > > > certificate), here is my interpretation of it: > > > > > > > > The certificate type is sent in extensions of EE certificate, > > > > via the usual server_certificate_type extension (using the server-side > > > > syntax from RFC7250). > > > > > > > > > > I think this probably should go in Encrypted Extensions. > > > > It is definitely related to the certificate chain, > > > My argument would be that it doesn't belong in "individual certificates" > because it applies to certificates as a whole. It's not like it would be > legal to have a 7250 cert followed by an X.509 cert, one hopes
Well, there can't be two server certificate "chains". But if there could, I would expect the type to per-chain. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
