Thanks John. Good points about draft-ietf-tls-subcerts. I am tracking it in git and will update.
Before bringing the draft up for discussion again, we are trying to quantify the "stale ICA cache causing TLS connection failures for the web", as this was a concern the group brought up. Getting this data is not straightforward, I must say.

From: John Mattsson <[email protected]>
Sent: Thursday, November 24, 2022 6:04 AM
To: Kampanakis, Panos <[email protected]>; [email protected]
Cc: Bytheway, Cameron <[email protected]>
Subject: [EXTERNAL] [UNVERIFIED SENDER] Re: New Version Notification for draft-kampanakis-tls-scas-latest-01.txt

Hi,

I think this is great work and something the TLS WG should adopt and work on. Reducing the total number of bytes is very important not only in constrained IoT, but also in TLS-based EAP methods, and in applications where handshake time to completion is important.

I quickly read the -02 draft. It seems to be in good shape. Some comments:

- I think it would be good if the draft described how it works with draft-ietf-tls-subcerts. While the latest version of draft-ietf-tls-subcerts talks about "delegated credential" and not certificates, they are commonly referred to as subcerts.

- I think draft-kampanakis-tls-scas-latest could consider allowing suppressing also the end-entity certificate for use cases when draft-ietf-tls-subcerts is used.

Cheers,
John

From: TLS <[email protected]> on behalf of Kampanakis, Panos <[email protected]>
Date: Friday, 4 March 2022 at 16:42
To: [email protected] <[email protected]>
Cc: Bytheway, Cameron <[email protected]>
Subject: Re: [TLS] New Version Notification for draft-kampanakis-tls-scas-latest-01.txt

Hi all,

The updated -01 version fixes a couple of nits identified by Ilari, removes the need for two different tlsflags, one in each direction, and does not require an acknowledgement of the ICA suppression tlsflag based on discussions about the tlsflags draft https://mailarchive.ietf.org/arch/msg/tls/SIvCO_ZFmNfTEeyiuZOcdBzTdAo/

There are more issues we are tracking based on discussions in this list https://github.com/csosto-pk/tls-suppress-intermediates/issues

-----Original Message-----
From: [email protected] <[email protected]>
Sent: Friday, March 4, 2022 10:34 AM
To: Bas Westerbaan <[email protected]>; Bytheway, Cameron <[email protected]>; Martin Thomson <[email protected]>; Kampanakis, Panos <[email protected]>
Subject: [EXTERNAL] New Version Notification for draft-kampanakis-tls-scas-latest-01.txt

A new version of I-D, draft-kampanakis-tls-scas-latest-01.txt has been successfully submitted by Panos Kampanakis and posted to the IETF repository.

Name: draft-kampanakis-tls-scas-latest
Revision: 01
Title: Suppressing CA Certificates in TLS 1.3
Document date: 2022-03-04
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/archive/id/draft-kampanakis-tls-scas-latest-01.txt
Status: https://datatracker.ietf.org/doc/draft-kampanakis-tls-scas-latest/
Htmlized: https://datatracker.ietf.org/doc/html/draft-kampanakis-tls-scas-latest
Diff: https://www.ietf.org/rfcdiff?url2=draft-kampanakis-tls-scas-latest-01

Abstract:
A TLS client or server that has access to the complete set of published intermediate certificates can inform its peer to avoid sending certificate authority certificates, thus reducing the size of the TLS handshake.

The IETF Secretariat

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
