Re: [TLS] Reminders

2016-07-11 Thread Anirudh Ramachandran
On Mon, Jul 11, 2016 at 9:16 AM, David Benjamin <david...@chromium.org> wrote: > OpenSSL determines which certificate to use during ClientHello processing, > but it has a mode where, if intermediates were not explicitly configured and > only a leaf, it path-builds right before sending th

Re: [TLS] Reminders

2016-07-11 Thread Dave Garrett
On Monday, July 11, 2016 10:27:21 am Sean Turner wrote: > - Before 12 July, we’d like to know your thoughts about progressing > draft-ietf-tls-pwd (Watson and ekr responded): > https://mailarchive.ietf.org/arch/msg/tls/WrNa7PXTZn2ZhfmoQDA_pnUVuN4 This document defines new cipher suites using obso

Re: [TLS] Reminders

2016-07-11 Thread Benjamin Kaduk
I also don't like the AUTH48 changes -- there's no protocol-level reason to weaken the MUST, since a server that can't handle the extra state/processing can just not implement the extension at all. -Ben On 07/11/2016 10:34 AM, Eric Rescorla wrote: > I agree with Watson's assessment here. This see

Re: [TLS] Reminders

2016-07-11 Thread David Benjamin
OpenSSL determines which certificate to use during ClientHello processing, but it has a mode where, if intermediates were not explicitly configured and only a leaf, it path-builds right before sending the Certificate message. But I don't see any reason why it can't be changed to compute this earlie

Re: [TLS] Reminders

2016-07-11 Thread Eric Rescorla
I agree with Watson's assessment here. This seems like the wrong design choice. I'm not familiar with OpenSSL's cert selection, but I don't believe that the issue that this change is intended to address applies to NSS, for two reasons: 1. NSS does cert selection during client hello processing [0]

Re: [TLS] Reminders

2016-07-11 Thread Watson Ladd
On Mon, Jul 11, 2016 at 7:27 AM, Sean Turner wrote: > Hi, > > Just wanted to remind everybody that we’ve got two non-TLS1.3 items we’re > looking for WG input on: > > - Before 12 July, we’d like to know your thoughts about progressing > draft-ietf-tls-pwd (Watson and ekr responded): > https://ma

[TLS] Reminders

2016-07-11 Thread Sean Turner
Hi, Just wanted to remind everybody that we’ve got two non-TLS1.3 items we’re looking for WG input on: - Before 12 July, we’d like to know your thoughts about progressing draft-ietf-tls-pwd (Watson and ekr responded): https://mailarchive.ietf.org/arch/msg/tls/WrNa7PXTZn2ZhfmoQDA_pnUVuN4 - Befo