Re: [Emu] Request-Action Frame only in response to failed Result-TLV?
On Feb 2, 2023, at 2:26 AM, Eliot Lear wrote:
> a successful or failed Result TLV.
>
> I suggest that this text be changed to allow a Request-Action TLV to be sent
> at any time. The reasoning for this is that even with a successful TLS
> exchange, the server may decide that the client needs a new certificate.
> That may be due to many factors, including trust anchor changes or some sort
> of compromise condition.
>
> Since nobody previously implemented the PKCS#10/PKCS#7 TLVs, this shouldn't
> cause interoperability problems with earlier configs.

OK. I'll make that change, and issue a new document.

At this point there are only a few open issues: https://github.com/emu-wg/rfc7170bis/issues

Alan DeKok.

___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

[Emu] Request-Action Frame only in response to failed Result-TLV?
Section 4.2.9 reads:

   The Request-Action TLV MAY be sent by both the peer and the server in
   response to a successful or failed Result TLV.

I suggest that this text be changed to allow a Request-Action TLV to be sent at any time. The reasoning for this is that even with a successful TLS exchange, the *server* may decide that the client needs a new certificate. That may be due to many factors, including trust anchor changes or some sort of compromise condition.

Since nobody previously implemented the PKCS#10/PKCS#7 TLVs, this shouldn't cause interoperability problems with earlier configs.

Eliot