Hi,

The TLS 1.3 Certificate handshake message is defined as:

    struct {
        opaque certificate_request_context<0..2^8-1>;
        CertificateEntry certificate_list<0..2^24-1>;
    } Certificate;

    certificate_request_context
        If this message is in response to a CertificateRequest, the
        value of certificate_request_context in that message.
        Otherwise (in the case of server authentication), this field
        SHALL be zero length.

As the certificate_request_context and client delivered Certificate handshake message are only in response to a CertificateRequest, the one byte zero length of certificate_request_context field is redundant for server delivered certificate handshake message.

It may be more clear to use the certificate_request_context field for client delivered Certificate handshake message only, for example:

    struct {
        select (connection_end) {
            case client:
                opaque certificate_request_context<0..2^8-1>;
            case server:
                struct {};
        }
        CertificateEntry certificate_list<0..2^24-1>;
    } Certificate;

Regards,
Xuelei Fan
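An added example, not part of the original message or of any TLS implementation: a minimal Python parser for the Certificate body as currently defined, showing the one-byte certificate_request_context that a server always sends as zero and the checks a receiver applies to it. The CertificateEntry layout (3-byte cert_data length, 2-byte extensions length) is taken from RFC 8446 rather than from the message, and all function names are hypothetical.

```python
class DecodeError(ValueError):
    """Malformed or policy-violating Certificate message body."""


def _take(buf, off, len_bytes):
    """Read a length-prefixed opaque vector; return (value, new_offset)."""
    if off + len_bytes > len(buf):
        raise DecodeError("truncated length prefix")
    n = int.from_bytes(buf[off:off + len_bytes], "big")
    off += len_bytes
    if off + n > len(buf):
        raise DecodeError("vector overruns message")
    return buf[off:off + n], off + n


def parse_certificate(body, sender, requested_context=b""):
    """Parse a Certificate body (handshake header already stripped).

    sender is "server" or "client"; requested_context is the value the
    server sent in CertificateRequest (only relevant for a client message).
    Returns (context, [(cert_data, extensions), ...]).
    """
    context, off = _take(body, 0, 1)            # opaque <0..2^8-1>
    if sender == "server" and context:
        raise DecodeError("server Certificate must carry a zero-length context")
    if sender == "client" and context != requested_context:
        raise DecodeError("context does not echo the CertificateRequest")
    cert_list, off = _take(body, off, 3)        # certificate_list <0..2^24-1>
    if off != len(body):
        raise DecodeError("trailing bytes after certificate_list")
    entries, pos = [], 0
    while pos < len(cert_list):
        cert_data, pos = _take(cert_list, pos, 3)
        if not cert_data:
            raise DecodeError("empty cert_data")
        extensions, pos = _take(cert_list, pos, 2)
        entries.append((cert_data, extensions))
    return context, entries


def build_certificate(context, certs):
    """Encoder for constructed sample input (no extensions per entry)."""
    lst = b"".join(len(c).to_bytes(3, "big") + c + b"\x00\x00" for c in certs)
    return bytes([len(context)]) + context + len(lst).to_bytes(3, "big") + lst
```

In the server case the first byte of the body is always 0x00, which is the redundant byte the message refers to; a receiver still has to read and validate it.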