Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11
https://datatracker.ietf.org/doc/draft-ietf-emu-bootstrapped-tls/ On 19.08.23 21:12, Michael Richardson wrote: Eliot Lear wrote: >> We don't need or want anonymous ciphersuites here. > We should keep the TLS-POK work in mind. I didn't find an obvious draft about that in the TLS WG. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide OpenPGP_0x87B66B46D9D27A33.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11
Eliot Lear wrote: >> We don't need or want anonymous ciphersuites here. > We should keep the TLS-POK work in mind. I didn't find an obvious draft about that in the TLS WG. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide signature.asc Description: PGP signature ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
Re: [Emu] WGLC on draft-ietf-emu-rfc7170bis-11
On 18 Aug 2023, at 23:26, Michael Richardson wrote: > > If we are talking about an RFC8995 (BRSKI) mechanism then: > > a) It requires that the Peer defer validation of the Server's certificate > until later on when another signed artifact is received (RFC8366 voucher). > b) The server still validates the Peers' client (IDevID) certificate. > > We don't need or want anonymous ciphersuites here. We should keep the TLS-POK work in mind. Eliot ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu