diff --git a/draft-ietf-uta-tls13-iot-profile.html b/draft-ietf-uta-tls13-iot-profile.html index 89c63f8..5c58ba4 100644 --- a/draft-ietf-uta-tls13-iot-profile.html +++ b/draft-ietf-uta-tls13-iot-profile.html @@ -1343,7 +1343,7 @@

Section 4.6.2 of [TLS13] only offers client-to-server authentication. The "Exported Authenticator" specification, see [RFC9261], recently added support for mutual, post-handshake authentication but -requires payloads to be exchanged by the application layer protocol.

+requires the Certificate, CertificateVerify and the Finished messages to be exchanged by the application layer protocol, as it is exercised for HTTP/2 and HTTP/3 in [I-D.ietf-httpbis-secondary-server-certs].

  • Rekeying of the application traffic secret does not lead to an update of the @@ -2358,6 +2358,10 @@

    Huque, S. and V. Dukhovni, "TLS Extension for DANE Client Identity", Work in Progress, Internet-Draft, draft-ietf-dance-tls-clientid-03, , <https://datatracker.ietf.org/doc/html/draft-ietf-dance-tls-clientid-03>.
    +
    [I-D.ietf-httpbis-secondary-server-certs]
    +
    +Gorbaty, E. and M. Bishop, "Secondary Certificate Authentication of HTTP Servers", Work in Progress, Internet-Draft, draft-ietf-httpbis-secondary-server-certs-00, , <https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-secondary-server-certs-00>.
    +
    [I-D.ietf-pquip-pqc-engineers]
    Banerjee, A., Reddy.K, T., Schoinianakis, D., Hollebeek, T., and M. Ounsworth, "Post-Quantum Cryptography for Engineers", Work in Progress, Internet-Draft, draft-ietf-pquip-pqc-engineers-05, , <https://datatracker.ietf.org/doc/html/draft-ietf-pquip-pqc-engineers-05>.
    diff --git a/draft-ietf-uta-tls13-iot-profile.txt b/draft-ietf-uta-tls13-iot-profile.txt index 29f7532..9cdbb80 100644 --- a/draft-ietf-uta-tls13-iot-profile.txt +++ b/draft-ietf-uta-tls13-iot-profile.txt @@ -171,8 +171,10 @@ Table of Contents Section 4.6.2 of [TLS13] only offers client-to-server authentication. The "Exported Authenticator" specification, see [RFC9261], recently added support for mutual, post-handshake - authentication but requires payloads to be exchanged by the - application layer protocol. + authentication but requires the Certificate, CertificateVerify and + the Finished messages to be exchanged by the application layer + protocol, as it is exercised for HTTP/2 and HTTP/3 in + [I-D.ietf-httpbis-secondary-server-certs]. * Rekeying of the application traffic secret does not lead to an update of the exporter secret (see Section 7.5 of [TLS13]) since the derived export secret is based on the exporter_master_secret @@ -1097,6 +1099,13 @@ Table of Contents . + [I-D.ietf-httpbis-secondary-server-certs] + Gorbaty, E. and M. Bishop, "Secondary Certificate + Authentication of HTTP Servers", Work in Progress, + Internet-Draft, draft-ietf-httpbis-secondary-server-certs- + 00, 11 April 2024, . + [I-D.ietf-pquip-pqc-engineers] Banerjee, A., Reddy.K, T., Schoinianakis, D., Hollebeek, T., and M. Ounsworth, "Post-Quantum Cryptography for diff --git a/index.html b/index.html index 35aee50..6f34cef 100644 --- a/index.html +++ b/index.html @@ -29,7 +29,7 @@

    Preview for branch hannestschofenig-patch TLS/DTLS 1.3 IoT Profiles plain text - diff with master + same as master

    Preview for branch ci-fix