Add warning about agreement on Client certificate bytes. #76

Merged
merged 4 commits into from Mar 4, 2022
7 changes: 7 additions & 0 deletions draft-ietf-tls-exported-authenticator.md
Expand Up @@ -511,6 +511,13 @@ The signatures generated with this API cover the context string
"Exported Authenticator" and therefore cannot be transplanted into other
protocols.

In TLS 1.3 the client can not explicitly learn from the TLS layer whether its
Finished message was accepted. Because the application traffic keys are not
dependent on the client's final flight, the client cannot learn whether the
server ever received it. To avoid disagreement between the client and server
on the authentication status of EAs, servers MUST verify the client Finished
before sending an EA or processing a received EA.

# Acknowledgements {#ack}

Comments on this proposal were provided by Martin Thomson. Suggestions for
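
Review bot: The closing sentence of the added paragraph ("servers MUST verify the client Finished before sending an EA or processing a received EA") sets a normative requirement but does not say what a server does when that verification fails or when the client Finished has not yet arrived; state the expected behaviour for both cases, for example that the EA is neither sent nor processed. The requirement also sits in the last paragraph before Acknowledgements, so a short pointer from the text that defines sending and validating authenticators would help implementers find it. Minor style point: the first added line uses "can not" while the third uses "cannot"; use "cannot" in both.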