On Sun, Feb 19, 2023 at 06:00:27PM -0700, Brian Campbell wrote:
> The aim of this draft is to document and consolidate current practice. And
> do so in as simple and straightforward way as possible. Despite RFC7250
> existing, current practice is largely x509. So that's the focus/scope of
> the document.
Thanks for the clarification. I didn't notice text in the draft to the
effect that it describes existing TTRP practice. I take it there is a
non-negligible population of such proxies already sending base64 of
DER-encoded certificates and perhaps also chains via headers, and it
would be burdensome to have them convey the certificate type.
If RPKs do some day become more popular (perhaps after they become
available in OpenSSL 3.2 they'll be available to more users), a separate
"Client-RPK" header could be defined, presumably along similar lines,
holding the RPK type and (if X.509 public key) base64-encoded SPKI.
--
Viktor.
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
