On Aug 18, 2023, at 12:47 PM, Heikki Vatiainen <[email protected]>
wrote:
> Should it be noted that this provisioning method is only available
> with TLS 1.2 and earlier because the method requires anonymous
> ciphersuites? It confirms to the reader that this is the intended
> case.

How about this:

Note that server unauthenticated provisioning can only use anonymous
cipher suites in TLS 1.2 and earlier. These cipher suites have been
deprecated in TLS 1.3 ({{RFC8446}} Section C.2). For TLS 1.3, the
server MUST provide a certificate, and the peer performs server
unauthenticated provisioning by not validating the certificate chain
or any of its contents.

The last sentence is suggested by the RFC8446 Section C.2.

Alan DeKok.

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu