Re: I-D Action:draft-ietf-radext-radsec-00.txt
Hi,
> Apart from that, the title, abstract, some sections in the main body
> were updated to reflect the splitting. No real content changes in it.
It has been brought to my attention that the feature of Trusted CA
Indication (which I thought is not there before TLS 1.2) is already
present in TLS 1.1 - at least RFC-wise, I didn't check any
implementations. Anyway, the section dealing with this should be
corrected, I suggest the following text:
  The list of Certification Authorities that a node which acts as a
  client is willing to accept SHOULD be signaled within the TLS
  Extension "Trusted CA Indication" during the TLS handshake, as
  described in [8], section 3.4 (or equivalent extensions in future TLS
  versions). Omitting this indication makes it impossible to
  deterministically select the right certificate if a RadSec node which
  is acting as a server for multiple roaming consortia (in possession
  of multiple certificates from different CAs) is contacted by a
  client.
( [8] being RFC4266)
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
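
The server-side selection the proposed text describes, as an added example that is not part of the original message: it parses the body of a Trusted CA Indication (`trusted_ca_keys`) extension and picks the matching certificate. The `ca_certs` store, the consortium labels and the sample bytes are constructed assumptions, and only `cert_sha1_hash` identifiers are matched.

```python
import hashlib
import struct

# IdentifierType values and fixed identifier sizes for trusted_ca_keys
# (TLS extension type 3); x509_name carries its own 2-byte length instead.
PRE_AGREED, KEY_SHA1_HASH, X509_NAME, CERT_SHA1_HASH = 0, 1, 2, 3
FIXED_SIZE = {PRE_AGREED: 0, KEY_SHA1_HASH: 20, CERT_SHA1_HASH: 20}

def parse_trusted_authorities(body: bytes):
    """Parse the extension body into (identifier_type, identifier) pairs."""
    if len(body) < 2 or struct.unpack_from("!H", body)[0] != len(body) - 2:
        raise ValueError("bad trusted_authorities_list length")
    entries, pos = [], 2
    while pos < len(body):
        id_type, pos = body[pos], pos + 1
        if id_type == X509_NAME:
            if pos + 2 > len(body):
                raise ValueError("truncated DistinguishedName length")
            size, pos = struct.unpack_from("!H", body, pos)[0], pos + 2
        elif id_type in FIXED_SIZE:
            size = FIXED_SIZE[id_type]
        else:
            raise ValueError(f"unknown IdentifierType {id_type}")
        if pos + size > len(body):
            raise ValueError("truncated identifier")
        entries.append((id_type, body[pos:pos + size]))
        pos += size
    return entries

def select_certificate(body, ca_certs, default=None):
    """Return the label of the first CA the client listed, else `default`.

    ca_certs maps a consortium label to that CA certificate's DER bytes
    (hypothetical store). body=None models a client that omitted the
    extension: the server can only fall back to a default.
    """
    if body is None:
        return default
    wanted = {v for t, v in parse_trusted_authorities(body) if t == CERT_SHA1_HASH}
    for label, der in ca_certs.items():
        if hashlib.sha1(der).digest() in wanted:
            return label
    return default

# Constructed sample: placeholder bytes stand in for two CA certificates.
CA_CERTS = {"consortium-a": b"constructed CA cert A", "consortium-b": b"constructed CA cert B"}
SAMPLE = bytes([CERT_SHA1_HASH]) + hashlib.sha1(CA_CERTS["consortium-b"]).digest()
SAMPLE = struct.pack("!H", len(SAMPLE)) + SAMPLE
```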