On Fri, 18 Aug 2023 at 19:57, Alan DeKok <[email protected]> wrote:
> On Aug 18, 2023, at 12:47 PM, Heikki Vatiainen <[email protected]>
> wrote:
> > Should it be noted that this provisioning method is only available
> > with TLS 1.2 and earlier because the method requires anonymous
> > ciphersuites? It confirms to the reader that this is the intended
> > case.
>
> How about this:
>
> Note that server unauthenticated provisioning can only use anonymous
> cipher suites in TLS 1.2 and earlier. These cipher suites have been
> deprecated in TLS 1.3 ({{RFC8446}} Section C.2). For TLS 1.3, the
> server MUST provide a certificate, and the peer performs server
> unauthenticated provisioning by not validating the certificate chain
> or any of its contents.
>
>
> The last sentence is suggested by the RFC8446 Section C.2

Good find, looks good. Small fix, though. It's section C.5, not C.2.

--
Heikki Vatiainen
[email protected]
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
