On Tue, Dec 26, 2023 at 09:48:32PM +0900, Kazu Yamamoto (山本和彦) wrote:
> Hi,
> 
> I'm trying to implement channel bindings defined RFC 5929.
> I have three questions:

Also note RFC 9266. That defines how to perform SCRAM/GSS-API with TLS
1.3.


> Q2) Can "tls-server-end-point" apply to TLS 1.3?

It could be applied, but that is probably not a good idea.

For SCRAM and GSS-API, "tls-server-end-point" is not used in TLS 1.3.


> Q3) If the answer to Q2 is yes, which part is hashed?
> 
>     RFC 8446 defines Certificate as:
> 
>      struct {
>           opaque certificate_request_context<0..2^8-1>;
>           CertificateEntry certificate_list<0..2^24-1>;
>       } Certificate;
> 
>    
>    hash(Certificate) or hash(Handshake:Certificate) or
>    hash(certificate_list)?

I don't think it is specified anywhere, but I think the most reasonable
thing is neither of those, but instead re-encoding the certificate_list
into TLS 1.2 form and hashing that. So the resulting binding values are
compatible with TLS 1.2.




-Ilari
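The re-encoding Ilari proposes, as an added worked example that is not part of the original thread: parse a TLS 1.3 Certificate body (RFC 8446), re-encode its certificate_list in TLS 1.2 form (RFC 5246) and hash that; for comparison the block also computes the RFC 5929 section 4.1 tls-server-end-point value, the hash of the end-entity certificate as sent. SHA-256 is assumed throughout (RFC 5929 ties the hash to the certificate's signatureAlgorithm, with MD5/SHA-1 upgraded to SHA-256), and the "certificates" are constructed placeholders, not real DER.

```python
import hashlib

def _read_vector(buf, pos, len_bytes):
    """Read a TLS variable-length vector whose length prefix is len_bytes wide."""
    if pos + len_bytes > len(buf):
        raise ValueError("truncated length prefix")
    length = int.from_bytes(buf[pos:pos + len_bytes], "big")
    pos += len_bytes
    if pos + length > len(buf):
        raise ValueError("truncated vector")
    return buf[pos:pos + length], pos + length

def parse_tls13_certificate(body):
    """Parse a TLS 1.3 Certificate handshake body (RFC 8446 section 4.4.2).
    Returns (certificate_request_context, [DER cert, ...]); the per-entry
    extensions are parsed and discarded."""
    context, pos = _read_vector(body, 0, 1)        # opaque certificate_request_context<0..2^8-1>
    cert_list, pos = _read_vector(body, pos, 3)    # CertificateEntry certificate_list<0..2^24-1>
    if pos != len(body):
        raise ValueError("trailing bytes after certificate_list")
    certs, p = [], 0
    while p < len(cert_list):
        cert_data, p = _read_vector(cert_list, p, 3)   # opaque cert_data<1..2^24-1>
        if not cert_data:
            raise ValueError("empty cert_data")
        _exts, p = _read_vector(cert_list, p, 2)       # Extension extensions<0..2^16-1>
        certs.append(cert_data)
    return context, certs

def encode_tls12_certificate_list(certs):
    """Re-encode as the TLS 1.2 Certificate body (RFC 5246 section 7.4.2):
    ASN.1Cert certificate_list<0..2^24-1>, each ASN.1Cert<1..2^24-1>."""
    inner = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    return len(inner).to_bytes(3, "big") + inner

def server_end_point_rfc5929(certs, hash_name="sha256"):
    """RFC 5929 section 4.1: hash of the end-entity (first) certificate as sent."""
    return hashlib.new(hash_name, certs[0]).digest()

def binding_over_reencoded_list(tls13_body, hash_name="sha256"):
    """The variant proposed in the reply: hash the TLS 1.2-form certificate_list."""
    _ctx, certs = parse_tls13_certificate(tls13_body)
    return hashlib.new(hash_name, encode_tls12_certificate_list(certs)).digest()

def build_tls13_certificate(certs, context=b""):
    """Construct a TLS 1.3 Certificate body with empty per-entry extensions (test helper)."""
    entries = b"".join(len(c).to_bytes(3, "big") + c + b"\x00\x00" for c in certs)
    return bytes([len(context)]) + context + len(entries).to_bytes(3, "big") + entries

# Constructed placeholder "certificates" (not real DER), enough to exercise the encodings.
LEAF = b"\x30\x82LEAF-CERT-PLACEHOLDER"
ISSUER = b"\x30\x82ISSUER-CERT-PLACEHOLDER"
```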

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
