Thanks for the feedback Sean,

Do we have a view on the "priority" for such an enhancement? While we don't support it, what won't work or is limited? Ajay?

Cheers
Andrew

Andrew Leonard
Java Runtimes Development
IBM Hursley
IBM United Kingdom Ltd
Phone internal: 245913, external: 01962 815913
internet email: andrew_m_leon...@uk.ibm.com

From: Sean Mullan <sean.mul...@oracle.com>
To: Andrew Leonard <andrew_m_leon...@uk.ibm.com>, security-dev@openjdk.java.net
Cc: Ajay Reddy <are...@us.ibm.com>, Alaine DeMyers <ala...@us.ibm.com>
Date: 15/01/2019 13:39
Subject: Re: Is TLS1.3 support missing the "certificate_authorities" extension?

Hello,

On 1/15/19 4:03 AM, Andrew Leonard wrote:
> Re-posting this question..
>
> Isn't the "certificate_authorities" extension mandatory for TLS1.3?

The text in question says "SHOULD" and not "MUST" [1]. So while it is very desirable, I would not categorize this as a mandatory requirement.

> _https://bugs.openjdk.java.net/browse/JDK-8206925_
>
> See _https://tools.ietf.org/html/draft-ietf-tls-tls13-20#section-4.2.4_
> There's a known typo in
> _https://tools.ietf.org/html/draft-ietf-tls-tls13-20#section-4.4.2.2_
> which from this comment:
> _https://www.ietf.org/mail-archive/web/tls/current/msg23612.html_
> indicates section 4.4.2.2 was a typo and "certificate_authorities" should
> be used instead of "trusted_ca_keys"

Note that your links above are referencing the Internet Draft. This has been corrected in the RFC:

https://tools.ietf.org/html/rfc8446#section-4.4.2.2

> Should JDK-8206925 be a "bug"? Thoughts?

It seems correct as an Enhancement.

--Sean

[1] https://tools.ietf.org/html/rfc2119

>
> Many thanks
> Andrew
>
> Andrew Leonard
> Java Runtimes Development
> IBM Hursley
> IBM United Kingdom Ltd
> Phone internal: 245913, external: 01962 815913
> internet email: andrew_m_leon...@uk.ibm.com
>
>
> Unless stated otherwise above:
> IBM United Kingdom Limited - Registered in England and Wales with number
> 741598.
> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU