[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TLS endpoint channel bindings in SCRAM
On Thu, Apr 02, 2009 at 11:21:23AM -0500, Nicolas Williams wrote:
> Simon points out that TLS supports non-PKIX certificates.
Actually, that's true, but the way RFC5081 adds support for OpenPGP
certs happens to not work with tls-server-end-point bindings because
there's no certificate_list field in the Certificate message when
OpenPGP certs are negotiated. It would not be difficult to change
tls-server-end-point to cover the use of OpenPGP certs.
Aside: if I read RFC5081 correctly it seems that you can't negotiate the
use of OpenPGP certs for user certs but not for server certs, and vice