Re: [TLS] First TLS cached information draft posted

To: Stefan Santesson <stefan at aaa-sec.com>
Subject: Re: [TLS] First TLS cached information draft posted
From: Simon Josefsson <simon at josefsson.org>
Date: Tue, 09 Jun 2009 09:02:40 +0200
Cc: TLS wg <TLS at ietf.org>
Delivered-to: tls at core3.amsl.com
In-reply-to: <C64DD3D3.2714%stefan at aaa-sec.com> (Stefan Santesson's message of "Thu, 04 Jun 2009 19:41:07 +0200")
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <C64DD3D3.2714%stefan at aaa-sec.com>
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.94 (gnu/linux)

Another minor point, quoting the document:

   When CachedInformationType identifies certificate_chain, then
   hash_value MUST include at least one hash value calculated over the
   certificate_list element of a server side Certificate message.
...
   When CachedInformationType identifies trusted_cas, then hash_value
   MUST include at least one hash value calculated over the
   certificate_authorities element of a server side CertificateRequest
   message.

And quoting RFC 5246 for the definitions of certificate_list and
certificate_authorities:

      opaque ASN.1Cert<1..2^24-1>;

      struct {
          ASN.1Cert certificate_list<0..2^24-1>;
      } Certificate;
...
      opaque DistinguishedName<1..2^16-1>;

      struct {
          ClientCertificateType certificate_types<1..2^8-1>;
          SignatureAndHashAlgorithm
            supported_signature_algorithms<2^16-1>;
          DistinguishedName certificate_authorities<0..2^16-1>;
      } CertificateRequest;

Q: Should the length bytes be included in the hash input or not?

/Simon

References:
- [TLS] First TLS cached information draft posted
  - From: Stefan Santesson

Prev by Date: Re: [TLS] First TLS cached information draft posted
Next by Date: Re: [TLS] FWD: First TLS cached information draft posted
Previous by thread: Re: [TLS] First TLS cached information draft posted
Next by thread: Re: [TLS] First TLS cached information draft posted
Index(es):
- Date
- Thread

Re: [TLS] First TLS cached information draft posted

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.