These changes look good to me. I appreciate the change to change DelegationUsage extension to be NULL and dropping TLS1.2.
Thanks!

-Clint

On Wed, Aug 8, 2018 at 6:45 PM Subodh Iyengar <sub...@fb.com> wrote:

> I merged all of these changes into master since it looked like no-one
> seemed to have strong opinions against them and they seemed like quite
> reasonable changes.
>
> I'm about to cut a draft-02 with these changes if no-one has strong
> opinions against. https://github.com/tlswg/tls-subcerts/
>
> Subodh
> ------------------------------
> *From:* TLS <tls-boun...@ietf.org> on behalf of Patton,Christopher J <cjpat...@ufl.edu>
> *Sent:* Tuesday, July 24, 2018 11:04:27 AM
> *To:* Ilari Liusvaara
> *Cc:* tls@ietf.org
> *Subject:* Re: [TLS] Proposed changes to draft-ietf-tls-subcerts
>
> Aww, I see your point. You're right, it should be that crit=true if and
> only if crit=true.
>
> > Actually, what usecase do strict certificates serve anyway? I can not
> > figure out any usecase that would make much sense to me. Dealing with
> > server endpoints that are capable of LURK but not proof-of-possession
> > nor is the keyserver capable of format-checking?
>
> The point was to enforce that, if a delegation certificate is offered in a
> handshake, then a DC must be negotiated in that handshake. I wasn't
> actually there, but I'm told that this feature was brought up at IETF. It
> doesn't seem like there's a clean way to do this, and I'm not sure this
> feature is worth the added complexity.
>
> I'm going to propose we drop the strict flag and let the critical bit be
> optional for the extension. What do you think?
>
> -Chris
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls