Published by Kelly Potter. Modified over 8 years ago.

Slide 1 (August 2001): Extensions to TLS
- Simon Blake-Wilson, Certicom
- David Hopwood, Independent Consultant
- Jan Mikkelsen, Transactionware
- Magnus Nystrom, RSA Security
- Tim Wright, Vodafone

Slide 2: Content
- Updates from “wireless extensions”
- Issues raised
- The way forward?

Slide 3: DNS name extension
- New to the draft
- Allows a single “machine” to host multiple “servers”
- Client tells server DNS name of server being contacted
- Server may use info to help produce response

Slide 4: Other Extensions
- Clarified session resumption - extensions ignored during session resumption
- Short session IDs - removed
- Client cert URLs - client supplies a list, one URL = one cert
- Client cert URLs - both cert hash and URL supplied
- Truncated MACs - restricted to HMAC with MD5 and SHA-1
- Trusted root indication - cert hash option added

Slide 5: New Error Alerts
Be careful when new error alerts get sent!
- Unsupported extension
- Bad extension order
- Unrecognized domain
- Certificate unobtainable
- Bad OCSP response

Slide 6: Issues
- How serious is “certificate unobtainable” alert?
- Do we need to require client driven extensions?
- How/where do DNS names get canonicalized?
- Generalize OCSP status request?
- Tie extensions with TLS version rev?
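
Added example (not from the slides or the draft's authors): a server-side sketch of the DNS name extension from Slide 3, the "unrecognized domain" outcome from Slide 5 and the canonicalization question from Slide 6. It assumes the server_name wire layout later standardized in RFC 6066, which may differ from the 2001 draft; the function names, the VHOSTS table and the lowercase/trailing-dot policy are hypothetical choices for illustration.

```python
import struct

HOST_NAME = 0  # NameType host_name (RFC 6066 layout, assumed here)

def parse_server_name(ext: bytes) -> str:
    """Return the first host_name in a server_name extension body."""
    if len(ext) < 2 or struct.unpack_from("!H", ext)[0] != len(ext) - 2:
        raise ValueError("bad server_name_list length")
    pos = 2
    while pos < len(ext):
        if pos + 3 > len(ext):
            raise ValueError("truncated ServerName entry")
        name_type, name_len = struct.unpack_from("!BH", ext, pos)
        name = ext[pos + 3:pos + 3 + name_len]
        if name_len == 0 or len(name) != name_len:
            raise ValueError("bad ServerName length")
        if name_type == HOST_NAME:
            return name.decode("ascii")  # UnicodeDecodeError is a ValueError
        pos += 3 + name_len
    raise ValueError("no host_name entry")

def canonicalize(host: str) -> str:
    """One possible policy: lowercase, drop a single trailing dot, check labels."""
    host = host.lower()
    if host.endswith("."):
        host = host[:-1]
    labels = host.split(".")
    if not host or len(host) > 253 or any(not l or len(l) > 63 for l in labels):
        raise ValueError("malformed DNS name")
    return host

def select_server(ext: bytes, vhosts: dict):
    """Return the matching entry, or None where the server would treat the
    name as an unrecognized domain (malformed input is handled the same way)."""
    try:
        return vhosts.get(canonicalize(parse_server_name(ext)))
    except ValueError:
        return None

def build_ext(host: bytes) -> bytes:
    """Build a constructed extension body holding one host_name entry."""
    entry = struct.pack("!BH", HOST_NAME, len(host)) + host
    return struct.pack("!H", len(entry)) + entry

# Constructed sample table: canonical DNS name -> certificate label.
VHOSTS = {"shop.example.com": "cert-shop", "mail.example.com": "cert-mail"}
```

Canonicalizing once, before the lookup, keeps certificate selection and any later name-based decision working from the same spelling of the name.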

Slide 7: The Way Forward?
- Update based on comments and known issues
- WG last call?