That makes sense, but it'd be good to clarify the text. Thanks! William
-- sent from my phone

On Nov 1, 2016 11:57 AM, "Ilari Liusvaara" <ilariliusva...@welho.com> wrote:
> On Tue, Nov 01, 2016 at 04:41:44AM -0400, William Whyte wrote:
> > I'm confused by the line "These messages are not encrypted", because on a
> > plain reading it could mean that the authenticator is sent outside the
> > encrypted TLS session. That would be bad because it would mean that clients
> > that wanted to authenticate themselves but to the server only wouldn't be
> > able to use this mechanism. I assume that's not the intent? If that isn't
> > the intent, suggest rephrasing as "These messages are not encrypted, other
> > than the encryption provided on transmission by the TLS session".
>
> What I think it means is that the authenticator is not encrypted before
> handing it to the application for transport (most probably ultimately
> ending inside the TLS connection itself, which does encrypt it on the
> wire).
>
> > Also, the message emitted is formatted as follows, right?
>
> - Byte 0x0B (CERTIFICATE code)
> - 3-byte length of Certificate message
> - Standard TLS 1.3 Certificate message payload
> - Byte 0x0F (CERTIFICATE_VERIFY code)
> - 3-byte length of CertificateVerify message
> - Standard TLS 1.3 CertificateVerify message payload
> - Byte 0x14 (FINISHED code)
> - 3-byte length of Finished message
> - Standard TLS 1.3 Finished message payload
>
>
> -Ilari
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
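The framing that the quoted reply lays out (a one-byte handshake type, a three-byte big-endian length, then the TLS 1.3 message body, repeated for Certificate, CertificateVerify and Finished) is easy to get subtly wrong on the receiving side, so a verifier should check it before looking at any signature. The following is an added example, not code from this thread or from any TLS implementation; it assumes the authenticator is exactly the concatenation of those three framed messages in that order, treats each payload as opaque bytes, and uses constructed placeholder payloads in place of a real certificate chain, signature and Finished MAC.

```python
# Added example: frame and parse an exported-authenticator blob using the
# TLS 1.3 Handshake layout (1-byte type, 3-byte length, body).
# The payload contents are NOT interpreted here; a real verifier would go on
# to validate the chain, the signature and the Finished MAC per TLS 1.3.

# HandshakeType codes named in the thread
CERTIFICATE = 0x0B
CERTIFICATE_VERIFY = 0x0F
FINISHED = 0x14

# The only message sequence an authenticator may carry (assumption from the thread)
EXPECTED_ORDER = (CERTIFICATE, CERTIFICATE_VERIFY, FINISHED)


def encode_handshake(msg_type: int, payload: bytes) -> bytes:
    """Frame one handshake message: 1-byte type, 3-byte big-endian length, payload."""
    if not 0 <= msg_type <= 0xFF:
        raise ValueError("handshake type must fit in one byte")
    if len(payload) >= 1 << 24:
        raise ValueError("payload too long for a 3-byte length field")
    return bytes([msg_type]) + len(payload).to_bytes(3, "big") + payload


def parse_authenticator(blob: bytes) -> list:
    """Split an authenticator into (type, payload) pairs, checking framing and order.

    Rejects truncated headers, lengths that run past the end of the input,
    trailing garbage, and any sequence other than Certificate, CertificateVerify,
    Finished.  Raises ValueError on any violation.
    """
    messages = []
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < 4:
            raise ValueError("truncated handshake header at offset %d" % offset)
        msg_type = blob[offset]
        length = int.from_bytes(blob[offset + 1:offset + 4], "big")
        start = offset + 4
        end = start + length
        if end > len(blob):
            raise ValueError("declared length %d exceeds remaining input" % length)
        messages.append((msg_type, blob[start:end]))
        offset = end  # a bad length can only land us past the end, caught above
    types = tuple(t for t, _ in messages)
    if types != EXPECTED_ORDER:
        raise ValueError("unexpected message sequence: %s" % [hex(t) for t in types])
    return messages


def is_well_formed(blob: bytes) -> bool:
    """True if blob parses as exactly Certificate, CertificateVerify, Finished."""
    try:
        parse_authenticator(blob)
        return True
    except ValueError:
        return False


# Constructed sample payloads (placeholders, not real TLS structures).
SAMPLE_AUTHENTICATOR = (
    encode_handshake(CERTIFICATE, b"\x00" + b"cert-chain-placeholder")
    + encode_handshake(CERTIFICATE_VERIFY, b"\x08\x04" + b"signature-placeholder")
    + encode_handshake(FINISHED, b"finished-hmac-placeholder")
)


if __name__ == "__main__":
    for msg_type, payload in parse_authenticator(SAMPLE_AUTHENTICATOR):
        print("type 0x%02X, %d payload bytes" % (msg_type, len(payload)))
    print("truncated copy well-formed:", is_well_formed(SAMPLE_AUTHENTICATOR[:-1]))
```

Note that the parser operates on plaintext bytes: exactly as the reply says, nothing here encrypts the authenticator, and confidentiality comes only from the application carrying the blob inside its TLS connection. Rejecting trailing bytes and out-of-order messages before any cryptographic check keeps a malformed blob from reaching the signature verifier with ambiguous boundaries.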