On Thu, Apr 19, 2018 at 04:32:55PM -0400, Sean Turner wrote: > All, > > This is the working group last call for the "Exported Authenticators in TLS" > draft available at > https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. > Please review the document and send your comments to the list by 2359 UTC on > 4 April 2018.
Are we using values in the same certificate_request_context space as those that in-TLS post-handshake authentication would use? If so, we should probably have some text in Section 3 (and maybe more explanation in Section 5.2 as well?) about the application coordinating with the TLS stack to avoid conflicts (since just from a data structure point of view the application could send a CertficiateRequest without checking with the TLS stack). We may also need the TLS stack to accound for context values chosen arbitrarily for spontaneous authentications. The API considerations might also be more clear that there are different spaces for the context values for server auth and client auth. Section 4.1 talks of the length of the exporter value in terms of the length of the TLS PRF hash, adding that cipher suites not using TLS PRF have to define a hash function. But TLS 1.3 ciphersuites do not use the TLS PRF and we say nothing about them... It doesn't look like we adapted to the addition of the signature_algorithms_cert extension in TLS 1.3. -Ben (with no hats) _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
