Hi Alexey, the first example indeed has a copy-and-paste error. I fixed it. Ciao Hannes On 08/08/2013 05:26 PM, Alexey Melnikov wrote:
On 02/08/2013 08:23, The IESG wrote:The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document: - 'Out-of-Band Public Key Validation for Transport Layer Security (TLS)' <draft-ietf-tls-oob-pubkey-09.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@xxxxxxxx mailing lists by 2013-08-16. Exceptionally, comments may be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document specifies a new certificate type and two TLS extensions, one for the client and one for the server, for exchanging raw public keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) for use with out-of-band public key validation.Hi, I just read the document and support its publication. I think I found one minor issue: Section 4.1 says: In order to indicate the support of out-of-band raw public keys, clients MUST include the 'client_certificate_type' and 'server_certificate_type' extensions in an extended client hello message. The hello extension mechanism is described in TLS 1.2 [RFC5246]. In Section 5 (the first example): client_hello, server_certificate_type=(RawPublicKey) -> // [1] So it looks like the example doesn't comply with the MUST requirement in the Section 4.1 ("client_certificate_type" is missing) or the requirement stated in Section 4.1 is incorrect. I suspect you meant "'client_certificate_type' and/or 'server_certificate_type'" in Section 4.1. Best Regards, Alexey