Mirja:

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Just a small thing to double-check: I wonder if this sentence would actually
> require an update to RFC8446:
> "TLS 1.3 does not permit the server to send a CertificateRequest
> message when a PSK is being used. This restriction is removed when
> the "tls_cert_with_extern_psk" extension is negotiated, allowing
> certificate-based authentication for both the client and the server."
> Or maybe it should be phrased differently, just:
> "If the "tls_cert_with_extern_psk" extension is negotiated, certificate-based
> authentication is allowed for both the client and the server." I guess it
> depends on what exactly is said in RFC8446 (and I didn't go and try to find
> it).

I do not believe that an update is needed or appropriate. First, the presence of this extension is an indication that this behavior will be different. Second, this is going to be an Experimental RFC, so it should not update a standards-track RFC.

> And as a side note, it is usually recommended to provide the link to the
> registry in the IANA section (to make life for IANA easier)

I will gladly add a reference to the registry:

https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml

Russ