I should have CC'd IETF on the following. (Thanks Nelson.)

--mark

-----Original Message-----
From: tls-bounces@xxxxxxxx [mailto:tls-bounces@xxxxxxxx] On Behalf Of Mark Brown
Sent: Thursday, February 28, 2008 2:57 PM
To: tls@xxxxxxxx
Subject: Re: [TLS] Last Call: draft-ietf-tls-rfc4346-bis (The Transport Layer Security (TLS) Protocol Version 1.2) to Proposed Standard

TLS Supplemental Data [RFC4680] was overlooked, e.g. in section 7.4.2. Server Certificate,

    The server MUST send a certificate whenever the agreed-upon key
    exchange method uses certificates for authentication (this
    includes all key exchange methods defined in this document except
    DH_anon).
    This message will always immediately follow the server
                             ^--No
    hello message.

Also in section 7.4.7. Client Key Exchange Message,

    This message is always sent by the client. It MUST immediately
                                                       ^--No
    follow the client certificate message, if it is sent. Otherwise it
    MUST be the first message sent by the client after it receives the
                ^--No
    server hello done message.

Instead, per [RFC4680], ServerCertificate may follow a server's SupplementalData message. Also, Client Key Exchange follows the client Certificate message and/or the client SupplementalData message, if these messages are sent.

[RFC4680] should also be added to the references section.

It may be helpful to add SupplementalData to Figure 1 on page 34 of rfc4346-bis as well, marked with an asterisk *, following Figure 1 in [RFC4680].

--mark
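An added example, not part of the original message or of any TLS implementation: a handshake-order check that shows how a validator built on the "immediately follow" wording rejects a flight carrying SupplementalData, while one following Figure 1 of RFC 4680 accepts it. The function and table names are hypothetical, the flights are constructed samples, and only the messages up to CertificateVerify are modelled.

```python
# Handshake type codes as assigned in the TLS RFCs (supplemental_data = 23, RFC 4680).
NAME = {2: "server_hello", 11: "certificate", 12: "server_key_exchange",
        13: "certificate_request", 14: "server_hello_done",
        15: "certificate_verify", 16: "client_key_exchange",
        23: "supplemental_data"}

# (message, required) in the order each flight must follow, without RFC 4680.
SERVER_BASE = [("server_hello", True), ("certificate", False),
               ("server_key_exchange", False), ("certificate_request", False),
               ("server_hello_done", True)]
CLIENT_BASE = [("certificate", False), ("client_key_exchange", True),
               ("certificate_verify", False)]

def with_supplemental_data(order):
    """Insert optional SupplementalData just ahead of Certificate (RFC 4680, Figure 1)."""
    i = [name for name, _ in order].index("certificate")
    return order[:i] + [("supplemental_data", False)] + order[i:]

SERVER_4680 = with_supplemental_data(SERVER_BASE)
CLIENT_4680 = with_supplemental_data(CLIENT_BASE)

def check_flight(type_codes, order):
    """Return None if the flight fits `order`, else a description of the violation."""
    names = [n for n, _ in order]
    pos = 0
    for code in type_codes:
        msg = NAME.get(code)
        if msg is None:
            return f"unknown handshake type {code}"
        if msg not in names[pos:]:
            return f"{msg} not allowed at this point"
        nxt = names.index(msg, pos)
        skipped = [n for n, req in order[pos:nxt] if req]
        if skipped:
            return f"{msg} sent before required {skipped[0]}"
        pos = nxt + 1
    missing = [n for n, req in order[pos:] if req]
    return f"missing {missing[0]}" if missing else None

# Constructed flights: ServerHello, SupplementalData, Certificate, ServerHelloDone
SERVER_FLIGHT = [2, 23, 11, 14]
# SupplementalData, ClientKeyExchange (no client Certificate sent)
CLIENT_FLIGHT = [23, 16]

if __name__ == "__main__":
    for label, order in (("strict", SERVER_BASE), ("rfc4680", SERVER_4680)):
        print(label, check_flight(SERVER_FLIGHT, order) or "ok")
```
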