Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

First cut at 1RTT handshake. Lots of OPEN ISSUEs and TODOs #52

Merged
merged 12 commits into from Jul 6, 2014
Merged

First cut at 1RTT handshake. Lots of OPEN ISSUEs and TODOs #52

merged 12 commits into from Jul 6, 2014

Conversation

ekr
Copy link
Contributor

@ekr ekr commented Jul 3, 2014

No description provided.

ekr and others added 12 commits July 2, 2014 14:21
@ekr
WIP: Start work at 1-RTT handshake. Lots of TODOs/OPEN ISSUES
64e2314
@ekr
Clean up some legacy artifacts
a7c8176
@dkg
use the term "custom DHE group" consistently
3b8ec11
@dkg
limit CertificateRequest only to position in the handshake
caa8f10 
I don't think the CertificateRequest needs to be limited to
authenticated servers, or to certain ciphersuites.

i note that RFC 5246 (TLS 1.2) does seem to suggest these same
limitations, but it's not clear to me why they exist.  If we're going
for a simpler state machine for TLS 1.3, i see no reason to keep these
limitations.
@dkg
clean up language
cb26185 
there is no "first handshake" any more, and the ChangeCipherSpec
message is being sent much earlier here.  The constraints replaced
here don't make sense in the new model.
@dkg
clarify what to do when client certificate is requested but unavailable
ca35851
@dkg
clarify what is an inappropriate ClientKeyExchange
e03b3c6
@dkg
Normalize description of supported_signtaure_algorithms
5d7157f 
Since each SignatureAndHashAlgorithm is 2 octets, and at least one
must be supported, the range is 2 - 2^16-2.

Note that cipher_suites is already declared in the same way:
CipherSuite cipher_suites<2..2^16-2>
@ekr
Merge commit
27dd2e6
@ekr
Clarify repeat ClientHello and deal with extension duplication
9d9ba28
@ekr
Clarify wording per MT's suggestion
4030cac
@ekr
Incorporate comments from Hovav Shacham
4dcdc65
ekr added a commit that referenced this pull request Jul 6, 2014
@ekr
Merge pull request #52 from ekr/1rtt
3c734b5 
First cut at 1RTT handshake. Lots of OPEN ISSUEs and TODOs
@ekr ekr merged commit 3c734b5 into tlswg:master Jul 6, 2014
ekr added a commit that referenced this pull request Oct 3, 2020
@ekr
Clarify PSK can't be used with certificate-based auth unless there is…
7905a13 
… some future extension. Fixes #52, Fixes #51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ekr @dkg