Hi Wang,

The 1609.2 certificate format consists of both explicit and implicit
certificates. The explicit certificates are in 1609.2 format, not in X.509
format.

Cheers,

William

On Mon, Aug 27, 2018 at 4:43 AM, Wang Haiguang <
wang.haiguang.shield...@huawei.com> wrote:

> Hi, Mounira
>
> Thanks for the clarification. That means both explicit and implicit
> certificates will be supported.
>
> Regards.
>
> Haiguang
>
> -----Original Message-----
> From: Mounira Msahli [mailto:mounira.msa...@telecom-paristech.fr]
> Sent: Monday, August 27, 2018 4:32 PM
> To: Wang Haiguang <wang.haiguang.shield...@huawei.com>
> Cc: Ilari Liusvaara <ilariliusva...@welho.com>; tls <tls@ietf.org>
> Subject: Re: TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2
> certificates
>
> Hi Wang,
>
> The purpose of the draft is to extend TLS 1.3 to support IEEE 1609.2/ETSI
> TS 103 097 certificates for authentication in addition to X.509 certificates
> and raw public keys.
>
> Kind Regards
> Mounira
>
>
>
> ----- Original Message -----
> From: "Wang Haiguang" <wang.haiguang.shield...@huawei.com>
> To: "Mounira Msahli" <mounira.msa...@telecom-paristech.fr>, "Ilari
> Liusvaara" <ilariliusva...@welho.com>
> Cc: "tls" <tls@ietf.org>
> Sent: Monday, 27 August 2018 03:44:28
> Subject: RE: TLS 1.3 Authentication using ETSI TS 103 097 and IEEE 1609.2
> certificates
>
> Hi, Mounira
>
> Just for clarification.
>
> If I am not wrong, there are two types of certificates supported by
> 1609.2. One is the legacy X.509 certificate, the other is the implicit
> certificate.
>
> So for your draft submitted, do you plan to support both types of certificates or
> just one of them, i.e. the X.509 certificate?
>
> Best regards.
>
> Haiguang
>
> -----Original Message-----
> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Mounira Msahli
> Sent: Saturday, August 25, 2018 1:45 AM
> To: Ilari Liusvaara <ilariliusva...@welho.com>
> Cc: tls <tls@ietf.org>
> Subject: Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE
> 1609.2 certificates
>
>
> Thank you Ilari,
>
>
> In response to your comments below:
>
> - I did not see requirements where to place the end-entity certificate
> anywhere. I think most TLS code outright assumes that the end-entity
> certificate is the first one.
>
> >>> We will add it.
>
> - More generally, I did not see it specified how the certificate chain is
> laid out to the individual certificate fields (it is fairly obvious, but
> should still be specified).
> >>> We will specify it.
>
> - The examples could have multiple certificate types in ClientHello to
> more clearly show what is actually going on.
> >>> We will add examples with multiple certificate types in Client Hello
>
> - You should also specify use in TLS 1.2 in the same draft (or say that
> is prohibited). This is so one only needs one reference for the
> codepoint allocation.
>
> >>> It is not prohibited, for TLS 1.2 the extension is already specified:
> https://tools.ietf.org/html/draft-serhrouchni-tls-certieee1609-01
> We will update the draft
>
> - I found the document quite hard to read due to various editorial
> issues.
> >>> We will update the draft
>
>
> Kind Regards
> Mounira
>
> ----- Original Message -----
> From: "Ilari Liusvaara" <ilariliusva...@welho.com>
> To: "Mounira Msahli" <mounira.msa...@telecom-paristech.fr>
> Cc: "tls" <tls@ietf.org>
> Sent: Friday, 24 August 2018 17:50:38
> Subject: Re: [TLS] TLS 1.3 Authentication using ETSI TS 103 097 and IEEE
> 1609.2 certificates
>
> On Fri, Aug 24, 2018 at 04:09:43PM +0200, Mounira Msahli wrote:
> > Hi all,
> >
> >
> > The draft: TLS 1.3 Authentication using IEEE 1609.2/ETSI TS 103097
> > certificates is updated in accordance with TLS 1.3:
> > https://tools.ietf.org/html/draft-tls-certieee1609-01
> >
> > This document describes the use of certificates specified by the
> > Institute of Electrical and Electronics Engineers IEEE1609.2 and the
> > European Telecommunications Standards Institute ETSI TS 103097. These
> > standards are defined in order to secure communications in vehicular
> > environments.
> >
> > This extension is very useful and has become a pressing need for
> > (Vehicle-To-Internet(V2Internet), Vehicle-To-Cloud(V2Cloud),...).
> >
> > We are soliciting feedback from the WG on the draft.
>
> Some quick comments:
>
> - I did not see requirements where to place the end-entity certificate
> anywhere. I think most TLS code outright assumes that the end-entity
> certificate is the first one.
> - More generally, I did not see it specified how the certificate chain
> is laid out to the individual certificate fields (it is fairly
> obvious, but should still be specified).
> - The examples could have multiple certificate types in ClientHello to
> more clearly show what is actually going on.
> - You should also specify use in TLS 1.2 in the same draft (or say that
> is prohibited). This is so one only needs one reference for the
> codepoint allocation.
> - I found the document quite hard to read due to various editorial
> issues.
>
>
> -Ilari
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls



-- 


PLEASE UPDATE YOUR ADDRESS BOOKS WITH MY NEW ADDRESS:
wwh...@onboardsecurity.com