Re: [TLS] Proposed change in TLS-Flags

2020-07-02 Thread Hannes Tschofenig
g
> Sent: Wednesday, July 1, 2020 5:55 PM
> To: Yoav Nir ;
> Subject: Re: [TLS] Proposed change in TLS-Flags
>
> Yoav,
>
> I looked at the draft and the PR. I am fine with the proposed changes.
> This is a short and useful draft.
>
> Ciao
> Hannes
>
> From: TLS

Re: [TLS] Proposed change in TLS-Flags

2020-07-01 Thread David Schinazi
Thanks for the context, everyone! Based on that, PR looks good to me. Ship it!
David
On Tue, Jun 30, 2020 at 9:18 PM Martin Thomson wrote:
> More to the point, this makes it more difficult to analyze relative to an
> empty "flag" extension of the likes we currently use.
>
> I haven't

Re: [TLS] Proposed change in TLS-Flags

2020-07-01 Thread Yoav Nir
> Sent: Wednesday, July 1, 2020 5:55 PM
> To: Yoav Nir ;
> Subject: Re: [TLS] Proposed change in TLS-Flags
>
> Yoav,
>
> I looked at the draft and the PR. I am fine with the proposed changes.
> This is a short and useful draft.
>
> Ciao
> Hannes
>

Re: [TLS] Proposed change in TLS-Flags

2020-07-01 Thread Hannes Tschofenig
One question: Wouldn’t you want to register a flag for "Post-Handshake Client Authentication" in this document?
Ciao
Hannes
From: TLS On Behalf Of Hannes Tschofenig
Sent: Wednesday, July 1, 2020 5:55 PM
To: Yoav Nir ;
Subject: Re: [TLS] Proposed change in TLS-Flags
Yoav,

Re: [TLS] Proposed change in TLS-Flags

2020-07-01 Thread Hannes Tschofenig
Yoav,
I looked at the draft and the PR. I am fine with the proposed changes. This is a short and useful draft.
Ciao
Hannes
From: TLS On Behalf Of Yoav Nir
Sent: Monday, June 29, 2020 11:34 PM
To:
Subject: [TLS] Proposed change in TLS-Flags
Hi
I’ve just submitted the following PR: https

Re: [TLS] Proposed change in TLS-Flags

2020-06-30 Thread Martin Thomson
More to the point, this makes it more difficult to analyze relative to an empty "flag" extension of the likes we currently use. I haven't implemented this, but I imagine one strategy would be to rewrite these flags and pretend that they were empty extensions. That would allow implementations

Re: [TLS] Proposed change in TLS-Flags

2020-06-30 Thread Yoav Nir
Yeah, the thread that Nick mentioned. Also, since there are no such extensions defined in the base TLS 1.3 spec, the server can’t assume that the client knows what either the specific flag means, or the entire flags extension means. So suppose we invent some new client authentication scheme

Re: [TLS] Proposed change in TLS-Flags

2020-06-30 Thread David Schinazi
Hi Yoav,
Could you elaborate on the rationale for this change please? I was assuming that the ability for servers to send extensions not requested by clients was useful.
Thanks,
David
On Mon, Jun 29, 2020 at 2:34 PM Yoav Nir wrote:
> Hi
>
> I’ve just submitted the following PR:
>
>