Hi Chuck,

> A quick browse of other sections of RFC 8446 does not show a similar
> capability for sending multiple certificates.

This can be done using TLS 1.3 post-handshake client auth (https://www.rfc-editor.org/rfc/rfc8446#section-4.2.6). However, this is an optional TLS 1.3 feature and you may find that support for it among TLS stacks is either lacking or disabled by default. E.g., Windows TLS stack supports post-handshake client auth, but I don't think Chromium does.

Cheers,

Andrei

-----Original Message-----
From: TLS <[email protected]> On Behalf Of Chuck Lever III
Sent: Wednesday, March 1, 2023 6:44 AM
To: [email protected]
Subject: [EXTERNAL] [TLS] multi-identity support in RFC 8446

Hi-

We're implementing TLSv1.3 support for PSK and note there is a capability in the PSK extension described in S 4.2.11 for sending a list of identities. We don't find support for a list of alternate identities implemented in user space TLS libraries such as GnuTLS or OpenSSL. Is there a known reason for that omission? Are there any planned changes in this area coming soon?

A quick browse of other sections of RFC 8446 does not show a similar capability for sending multiple certificates. We don't have a reason to need this yet, but would like our implementation to be prepared if such a capability were to be on the horizon. Did I misread the RFC?

--
Chuck Lever

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
