I should have CC'd IETF on the following. (Thanks Nelson.)
--mark
-----Original Message-----
From: tls-bounces(_at_)ietf(_dot_)org [mailto:tls-bounces(_at_)ietf(_dot_)org] On Behalf Of Mark Brown
Sent: Thursday, February 28, 2008 2:57 PM
To: tls(_at_)ietf(_dot_)org
Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport Layer Security (TLS) Protocol Version 1.2) to Proposed Standard

TLS Supplemental Data [RFC4680] was overlooked, e.g. in section 7.4.2. Server Certificate,

    The server MUST send a certificate whenever the agreed-upon key
    exchange method uses certificates for authentication (this
    includes all key exchange methods defined in this document except
    DH_anon). This message will always immediately follow the server
    ^--No
    hello message.

Also in section 7.4.7. Client Key Exchange Message,

    This message is always sent by the client. It MUST immediately
    ^--No
    follow the client certificate message, if it is sent. Otherwise it
    MUST be the first message sent by the client after it receives the
    ^--No
    server hello done message.

Instead, per [RFC4680], ServerCertificate may follow a server's
SupplementalData message. Also, Client Key Exchange follows the client
Certificate message and/or the client SupplementalData message, if these
messages are sent.

[RFC4680] should also be added to the references section. It may be helpful
to add SupplementalData to Figure 1 on page 34 of rfc4346-bis as well,
marked with an asterisk *, following Figure 1 in [RFC4680].
--mark
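
The ordering discussed in the message above, as an added example that is not part of the original e-mail or of either document: a Python check of handshake-flight order following Figure 1 of RFC 4680, next to a strict variant that models the "always immediately follow" wording. The table and function names are assumptions made for this example, and the sample flights in the test are constructed.

```python
# Handshake message type values from the TLS HandshakeType registry.
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE = 2, 11, 12
CERTIFICATE_REQUEST, SERVER_HELLO_DONE = 13, 14
CERTIFICATE_VERIFY, CLIENT_KEY_EXCHANGE, FINISHED = 15, 16, 20
SUPPLEMENTAL_DATA = 23  # added by RFC 4680

# Flights as (type, required) in the order of RFC 4680 Figure 1.
# ChangeCipherSpec is not a handshake message, so it is not listed.
SERVER_FLIGHT = [
    (SERVER_HELLO, True), (SUPPLEMENTAL_DATA, False), (CERTIFICATE, False),
    (SERVER_KEY_EXCHANGE, False), (CERTIFICATE_REQUEST, False),
    (SERVER_HELLO_DONE, True),
]
CLIENT_FLIGHT = [
    (SUPPLEMENTAL_DATA, False), (CERTIFICATE, False),
    (CLIENT_KEY_EXCHANGE, True), (CERTIFICATE_VERIFY, False),
    (FINISHED, True),
]

def without_supplemental_data(spec):
    """Model a peer that only knows the ordering without RFC 4680."""
    return [entry for entry in spec if entry[0] != SUPPLEMENTAL_DATA]

def check_flight(spec, observed):
    """Return (ok, reason) for a list of observed handshake types."""
    pos = 0
    for msg in observed:
        # Skip optional messages that were not sent; a required message
        # that has not been seen yet must not be skipped.
        while pos < len(spec) and spec[pos][0] != msg:
            if spec[pos][1]:
                return False, f"type {msg} seen before required type {spec[pos][0]}"
            pos += 1
        if pos == len(spec):
            return False, f"type {msg} is unexpected or out of order"
        pos += 1
    missing = [t for t, required in spec[pos:] if required]
    if missing:
        return False, f"missing required type {missing[0]}"
    return True, "ok"
```

A state machine built from the strict table rejects a flight in which SupplementalData precedes Certificate, which is the interoperability gap the message points out.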