On Wed, Dec 11, 2019 at 12:48:58PM -0500, Russ Housley wrote:
> Mirja:
>
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Just a small thing to double-check: I wonder if this sentence would actually
> > require an update to RFC8446:
> > "TLS 1.3 does not permit the server to send a CertificateRequest
> > message when a PSK is being used. This restriction is removed when
> > the "tls_cert_with_extern_psk" extension is negotiated, allowing
> > certificate-based authentication for both the client and the server."
> > Or maybe it should be phrased differently, just:
> > "If the "tls_cert_with_extern_psk" extension is negotiated, certificate-based
> > authentication is allowed for both the client and the server." I guess it
> > depends on what exactly is said in RFC8446 (and I didn't go and try to find
> > it).
>
> I do not believe that an update is needed or appropriate. First, the
> presence of this extension is an indication that this behavior will be
> different. Second, this is going to be an Experimental RFC, so it should not
> update a standards-track RFC.

I agree; this is just an extension working as normal. (Not that I haven't
asked the same question before for other documents....)

-Ben

> > And as a side note, it is usually recommended to provide the link to the
> > registry in the IANA section (to make life for IANA easier)
>
> I will gladly add a reference to the registry:
>
> https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
>
> Russ