Dear Ilari, Russ and all

In previous comments received from the mailing list, experts suggested that we 
base our TLS-IBC draft on TLS 1.3 instead of TLS 1.2. We do think it is an 
excellent suggestion. 
Therefore, recently, we have revised our internet draft "Using Identity as Raw 
Public Key in Transport Layer Security (TLS)" accordingly and now it is based 
on TLS 1.3. 

Besides that, an OID has been assigned by the IANA recently for the ECCSI 
signature algorithm, and therefore the OID table has also been updated. 

Please help to review our revised draft and let us know your comments on it. 
Below is the link to the new draft:
https://www.ietf.org/id/draft-wang-tls-raw-public-key-with-ibc-07.txt

Best regards.

Haiguang

-----Original Message-----
From: ilariliusva...@welho.com [mailto:ilariliusva...@welho.com] 
Sent: Thursday, January 17, 2019 7:03 PM
To: Wang Haiguang <wang.haiguang.shield...@huawei.com>
Cc: tls@ietf.org
Subject: Re: [TLS] A new draft for "Using Identity as Raw Public Key in 
Transport Layer Security (TLS)" has been updated

On Thu, Jan 17, 2019 at 10:21:43AM +0000, Wang Haiguang wrote:
> Dear Ilari
> 
> Sorry for the late reply. 
> 
> We are now trying to move the TLS-IBC to TLS 1.3 and will upload a newer 
> version soon.  
> 
> In your previous email, you said that with TLS 1.3, the 
> client_certificate_type is unnecessary.
> In fact client_certificate_type and server_certificate_type are 
> defined in RFC 7250 and used in client/server hello to indicate the 
> preference of client/server one certificate.
> 
> Client/server can use it to indicate whether they want to use 
> RawPublicKey or X.509 in authentication. So if we do not use 
> client_certificate_type, how does the client indicate its preference for 
> RawPublicKey?

Ugh, just noticed that the terminology is pretty confusing...

There are three similarly named things:

- Registry called ClientCertificateType (only used by TLS 1.2, these
  values go into one field in CertificateRequest message)
- Extension called client_certificate_type (used by TLS 1.2 & 1.3)
- Registry called certificate types (values used by
  client_certificate_type come from here).



-Ilari
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
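
An added illustration of the three names Ilari lists above; it is not part of the original thread or of the draft. It decodes the RFC 7250 extensions from a ClientHello extensions block against the certificate types registry, and the TLS 1.2 CertificateRequest field against the ClientCertificateType registry, so that the same byte 0x02 comes out as RawPublicKey in one and dss_sign in the other. The function names and the sample bytes are constructed for this example.

```python
import struct

# IANA "TLS Certificate Types" registry: the values the extension carries.
CERT_TYPES = {0: "X509", 1: "OpenPGP", 2: "RawPublicKey", 3: "1609Dot2"}
# IANA "TLS ClientCertificateType Identifiers" registry: TLS 1.2 only.
CLIENT_CERT_TYPE_IDS = {1: "rsa_sign", 2: "dss_sign", 3: "rsa_fixed_dh",
                        4: "dss_fixed_dh", 64: "ecdsa_sign"}
EXT_CLIENT_CERTIFICATE_TYPE = 19  # RFC 7250 extension code points
EXT_SERVER_CERTIFICATE_TYPE = 20


def _u8_list(buf, names):
    """Decode a vector of one-byte codes behind a one-byte length prefix."""
    if len(buf) < 2 or buf[0] != len(buf) - 1:
        raise ValueError("malformed one-byte-length vector")
    return [names.get(b, f"unknown({b})") for b in buf[1:]]


def parse_hello_extensions(block):
    """Walk a ClientHello extensions block; return the RFC 7250 offers."""
    if len(block) < 2 or struct.unpack_from("!H", block)[0] != len(block) - 2:
        raise ValueError("extensions length mismatch")
    offers, pos = {}, 2
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        body = block[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        if ext_type == EXT_CLIENT_CERTIFICATE_TYPE:
            offers["client_certificate_type"] = _u8_list(body, CERT_TYPES)
        elif ext_type == EXT_SERVER_CERTIFICATE_TYPE:
            offers["server_certificate_type"] = _u8_list(body, CERT_TYPES)
        pos += 4 + ext_len
    return offers


def parse_tls12_certificate_types(field):
    """Decode certificate_types from a TLS 1.2 CertificateRequest."""
    return _u8_list(field, CLIENT_CERT_TYPE_IDS)


# Constructed sample: both extensions offer RawPublicKey first, then X509.
SAMPLE_EXTS = bytes.fromhex("000e" "00130003020200" "00140003020200")
# Constructed sample: a TLS 1.2 server accepting codes 2 and 64.
SAMPLE_CERTREQ_TYPES = bytes.fromhex("020240")
print(parse_hello_extensions(SAMPLE_EXTS))
print(parse_tls12_certificate_types(SAMPLE_CERTREQ_TYPES))
```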
