Hello,
On 1/15/19 4:03 AM, Andrew Leonard wrote:
Re-posting this question..
Isn't the "certificate_authorities" extension mandatory for TLS1.3?
The text in question says "SHOULD" and not "MUST" [1]. So while it is
very desirable, I would not categorize this as a mandatory requirement.
_https://bugs.openjdk.java.net/browse/JDK-8206925_
See _https://tools.ietf.org/html/draft-ietf-tls-tls13-20#section-4.2.4_
There's a known typo in
_https://tools.ietf.org/html/draft-ietf-tls-tls13-20#section-4.4.2.2_
which from this comment:
_https://www.ietf.org/mail-archive/web/tls/current/msg23612.html_
indicates section 4.4.2.2 was a typo and "certificate_authorities" should
be used instead of "trusted_ca_keys"
Note that your links above are referencing the Internet Draft. This has
been corrected in the RFC:
https://tools.ietf.org/html/rfc8446#section-4.4.2.2
Should JDK-8206925 be a "bug"? Thoughts?
It seems correct as an Enhancement.
--Sean
[1] https://tools.ietf.org/html/rfc2119
Many thanks
Andrew
Andrew Leonard
Java Runtimes Development
IBM Hursley
IBM United Kingdom Ltd
Phone internal: 245913, external: 01962 815913
internet email: andrew_m_leon...@uk.ibm.com
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
