5 May 2012 00:06
Re: WGLC for draft-ietf-tls-oob-pubkey-03.txt
Paul Hoffman <paul.hoffman <at> vpnc.org>
2012-05-04 22:06:58 GMT
On May 4, 2012, at 3:00 PM, Martin Rex wrote:

> Paul Hoffman wrote:
>>
>> More importantly, the client auth text added in the last round was:
>>
>> 3.5. Client authentication
>>
>> Client authentication by the TLS server is supported only through
>> authentication of the received client SubjectPublicKeyInfo via an
>> out-of-band method
>>
>> This is both wrong and insufficient.
>
> I believe it is acceptable and more correct than your proposed
> alternative.
>
> RFC6091 does _not_ permit different certificate types for
> client and server, so this will not fit into the extensibility provided
> by rfc6091.

Ummmm, I never said that it did. My proposed alternative wording was to deal with exactly the case of both sides using raw keys. Why did you think different?

> If you want to allow an asymmetric authentication scheme...

I do not.

--Paul Hoffman