PR: https://github.com/tlswg/tls13-spec/pull/654
Hello, I'd like to propose a small to the Certificate message format to allow for future extensibility of the protocol. This change adds a set of extensions to the Certificate message. With this change, the Certificate message can now hold all extension messages that are certificate-specific (rather than connection-specific). This change also resolves the anomaly of OCSP messages appearing before certificates in the handshake. Reasoning: I've come to the conclusion that the current mechanism in TLS 1.3 for OCSP and SCT is lacking forsight. OCSP and SCT are per-certificate metadata, not per-connection metadata. By putting these responses in the EncryptedExtensions, you limit these extensions to being shown once per connection. This restricts future protocol extensions from using multiple Certificate messages to support multiple certificates on the same connection. An example of this is the post-handshake authentication proposal ( https://tools.ietf.org/html/draft-sullivan-tls-post-handshake-auth-00), which currently requires a modified post-handshake Certificate message. This proposed change would simplify the post-handshake auth proposal significantly and generally make more sense as more certificate-specific extensions are created. Nick
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls