Thank you Ilari,
In response to your comments below:

- I did not see requirements where to place the end-entity certificate anywhere. I think most TLS code outright assumes that the end-entity certificate is the first one.

>>> We will add it.

- More generally, I did not see it specified how the certificate chain is laid out to the individual certificate fields (it is fairly obvious, but should still be specified).

>>> We will specify it.

- The examples could have multiple certificate types in ClientHello to more clearly show what is actually going on.

>>> We will add examples with multiple certificate types in Client Hello

- You should also specify use in TLS 1.2 in the same draft (or say that is prohibited). This is so one only needs one reference for the codepoint allocation.

>>> It is not prohibited, for TLS 1.2 the extension is already specified:
>>> https://tools.ietf.org/html/draft-serhrouchni-tls-certieee1609-01
>>> We will update the draft

- I found the document quite hard to read due to various editorial issues.

>>> We will update the draft

Kind Regards
Mounira

----- Original message -----
From: "Ilari Liusvaara" <ilariliusva...@welho.com>
To: "Mounira Msahli" <mounira.msa...@telecom-paristech.fr>
Cc: "tls" <tls@ietf.org>
Sent: Friday 24 August 2018 17:50:38
Subject: Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2 certificates

On Fri, Aug 24, 2018 at 04:09:43PM +0200, Mounira Msahli wrote:
> Hi all,
>
> The draft: TLS 1.3 Authentication using IEEE 1609.2/ETSI TS 103097
> certificates is updated in accordance with TLS 1.3:
> https://tools.ietf.org/html/draft-tls-certieee1609-01
>
> This document describes the use of certificates specified by the Institute of
> Electrical and Electronics Engineers IEEE1609.2 and the European
> Telecommunications Standards Institute ETSI TS 103097.
> These standards are defined in order to secure
> communications in vehicular environments.
>
> This extension is very useful and has become a pressing need for
> (Vehicle-To-Internet(V2Internet), Vehicle-To-Cloud(V2Cloud),...).
>
> We are soliciting feedback from the WG on the draft.

Some quick comments:

- I did not see requirements where to place the end-entity certificate anywhere. I think most TLS code outright assumes that the end-entity certificate is the first one.

- More generally, I did not see it specified how the certificate chain is laid out to the individual certificate fields (it is fairly obvious, but should still be specified).

- The examples could have multiple certificate types in ClientHello to more clearly show what is actually going on.

- You should also specify use in TLS 1.2 in the same draft (or say that is prohibited). This is so one only needs one reference for the codepoint allocation.

- I found the document quite hard to read due to various editorial issues.

-Ilari