On 12/07/2023 11:01, Ilari Liusvaara wrote:
On Tue, Jul 11, 2023 at 09:37:19PM +0100, Dennis Jackson wrote:
TLS Certificate Compression influences the transcript for the decompressing
party, as the output is the Certificate message which is used in the
transcript.
RFC 8879 does not alter how transcript is computed in any way.
Firstly, all extensions added to the ClientHello influence the
transcript as the body of the CH message is included in the transcript.
Secondly, RFC 8879 specifies a CompressedCertificate message which is
the result of applying the negotiated compression algorithm to the
original Certificate message. The receiver of the CompressedCertificate
message will decompress it and include the resulting Certificate message
in their transcript. Consequently, for one party use of RFC 8879 will
influence the transcript.
An extension altering computation of transcript would be truly
extraordinary.
You might find 6.1.5 and 7.2 of
https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ an interesting
read :-).
Best, Dennis
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
