draft-ietf-dane-protocol-09.txt   draft-ietf-dane-protocol-10.txt 
Network Working Group P. Hoffman Network Working Group P. Hoffman
Internet-Draft VPN Consortium Internet-Draft VPN Consortium
Intended status: Standards Track J. Schlyter Intended status: Standards Track J. Schlyter
Expires: January 26, 2012 Kirei AB Expires: February 16, 2012 Kirei AB
July 25, 2011 August 15, 2011
Using Secure DNS to Associate Certificates with Domain Names For TLS Using Secure DNS to Associate Certificates with Domain Names For TLS
draft-ietf-dane-protocol-09 draft-ietf-dane-protocol-10
Abstract Abstract
TLS and DTLS use PKIX certificates for authenticating the server. TLS and DTLS use PKIX certificates for authenticating the server.
Users want their applications to verify that the certificate provided Users want their applications to verify that the certificate provided
by the TLS server is in fact associated with the domain name they by the TLS server is in fact associated with the domain name they
expect. TLSA provides bindings of keys to domains that are asserted expect. TLSA provides bindings of keys to domains that are asserted
not by external entities, but by the entities that operate the DNS. not by external entities, but by the entities that operate the DNS.
This document describes how to use secure DNS to associate the TLS This document describes how to use secure DNS to associate the TLS
server's certificate with the intended domain name. server's certificate with the intended domain name.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 26, 2012. This Internet-Draft will expire on February 16, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Certificate Associations . . . . . . . . . . . . . . . . . 3 1.1. Certificate Associations . . . . . . . . . . . . . . . . . 3
1.2. Securing Certificate Associations . . . . . . . . . . . . 4 1.2. Securing Certificate Associations . . . . . . . . . . . . 4
1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. The TLSA Resource Record . . . . . . . . . . . . . . . . . . . 5 2. The TLSA Resource Record . . . . . . . . . . . . . . . . . . . 4
2.1. TLSA RDATA Wire Format . . . . . . . . . . . . . . . . . . 5 2.1. TLSA RDATA Wire Format . . . . . . . . . . . . . . . . . . 5
2.1.1. The Certificate Type Field . . . . . . . . . . . . . . 5 2.1.1. The Certificate Type Field . . . . . . . . . . . . . . 5
2.1.2. The Reference Type Field . . . . . . . . . . . . . . . 6 2.1.2. The Reference Type Field . . . . . . . . . . . . . . . 6
2.1.3. The Certificate for Association Field . . . . . . . . 6 2.1.3. The Certificate for Association Field . . . . . . . . 6
2.2. TLSA RR Presentation Format . . . . . . . . . . . . . . . 6 2.2. TLSA RR Presentation Format . . . . . . . . . . . . . . . 6
2.3. TLSA RR Examples . . . . . . . . . . . . . . . . . . . . . 6 2.3. TLSA RR Examples . . . . . . . . . . . . . . . . . . . . . 6
3. Domain Names for TLS Certificate Associations . . . . . . . . 7 3. Domain Names for TLS Certificate Associations . . . . . . . . 7
4. Semantics and Features of TLSA Certificate Types . . . . . . . 7 4. Semantics and Features of TLSA Certificate Types . . . . . . . 7
4.1. End Entity Certificate . . . . . . . . . . . . . . . . . . 7 4.1. End Entity Certificate . . . . . . . . . . . . . . . . . . 7
4.2. Certification Authority Certificate . . . . . . . . . . . 8 4.2. Certification Authority Certificate . . . . . . . . . . . 8
4.3. Certificate Public Key . . . . . . . . . . . . . . . . . . 8 4.3. Certificate Public Key . . . . . . . . . . . . . . . . . . 8
4.4. Use of TLS Certificate Associations in TLS . . . . . . . . 9 4.4. Use of TLS Certificate Associations in TLS . . . . . . . . 8
5. TLSA and DANE Use Cases and Requirements . . . . . . . . . . . 10 5. TLSA and DANE Use Cases and Requirements . . . . . . . . . . . 9
6. Mandatory-to-Implement Algorithms . . . . . . . . . . . . . . 11 6. Mandatory-to-Implement Algorithms . . . . . . . . . . . . . . 10
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
7.1. TLSA RRtype . . . . . . . . . . . . . . . . . . . . . . . 11 7.1. TLSA RRtype . . . . . . . . . . . . . . . . . . . . . . . 11
7.2. TLSA Certificate Types . . . . . . . . . . . . . . . . . . 11 7.2. TLSA Certificate Types . . . . . . . . . . . . . . . . . . 11
7.3. TLSA Hash Types . . . . . . . . . . . . . . . . . . . . . 12 7.3. TLSA Hash Types . . . . . . . . . . . . . . . . . . . . . 11
8. Security Considerations . . . . . . . . . . . . . . . . . . . 12 8. Security Considerations . . . . . . . . . . . . . . . . . . . 12
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
10.1. Normative References . . . . . . . . . . . . . . . . . . . 13 10.1. Normative References . . . . . . . . . . . . . . . . . . . 13
10.2. Informative References . . . . . . . . . . . . . . . . . . 14 10.2. Informative References . . . . . . . . . . . . . . . . . . 14
Appendix A. TLSA Interactions with Aliasing and Wildcards . . . . 14 Appendix A. Operational Considerations for Deploying TLSA
A.1. TLSA and CNAME . . . . . . . . . . . . . . . . . . . . . . 15 Records . . . . . . . . . . . . . . . . . . . . . . . 14
A.2. TLSA and DNAME . . . . . . . . . . . . . . . . . . . . . . 16 A.1. Provisioning TLSA Records with Aliases . . . . . . . . . . 14
A.3. TLSA and Wildcards . . . . . . . . . . . . . . . . . . . . 16 A.1.1. Provisioning TLSA Records with CNAME Records . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16 A.1.2. Provisioning TLSA Records with DNAME Records . . . . . 16
A.1.3. Provisioning TLSA Records with Wildcards . . . . . . . 16
A.2. Securing the Last Hop . . . . . . . . . . . . . . . . . . 16
Appendix B. Pseudocode for Using TLSA . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction 1. Introduction
The first response from the server in TLS may contain a certificate. The first response from the server in TLS may contain a certificate.
In order for the TLS client to authenticate that it is talking to the In order for the TLS client to authenticate that it is talking to the
expected TLS server, the client must validate that this certificate expected TLS server, the client must validate that this certificate
is associated with the domain name used by the client to get to the is associated with the domain name used by the client to get to the
server. Currently, the client must extract the domain name from the server. Currently, the client must extract the domain name from the
certificate, must trust a trust anchor upon which the server's certificate, must trust a trust anchor upon which the server's
certificate is rooted, and must successfully validate the certificate is rooted, and must successfully validate the
skipping to change at page 4, line 43 skipping to change at page 4, line 43
This document only relates to securely getting the DNS information This document only relates to securely getting the DNS information
for the certificate association using DNSSEC; other secure DNS for the certificate association using DNSSEC; other secure DNS
mechanisms are out of scope. mechanisms are out of scope.
1.3. Terminology 1.3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
A note on terminology: Some people have said that this protocol is a This document also makes use of standard PKIX, DNSSEC, and TLS
form of "certificate exclusion". This is true, but only in the sense terminology. See [RFC5280], [RFC4033], and [RFC5246] respectively,
that a DNS reply that contains the certificate types defined here for these terms. In addition, terms related to TLS-protected
inherently excludes every other possible certificate in the universe application services and DNS names are taken from [RFC6125].
(other than those found with a pre-image attack against one of those
two). The certificate type defined here is better thought of as
"enumeration" of a small number of certificate associations, not
"exclusion" of a near-infinite number of other certificates.
2. The TLSA Resource Record 2. The TLSA Resource Record
The TLSA DNS resource record (RR) is used to associate a certificate The TLSA DNS resource record (RR) is used to associate a certificate
with the domain name where the record is found. The semantics of how with the domain name where the record is found. The semantics of how
the TLSA RR is interpreted are given later in this document. the TLSA RR is interpreted are given later in this document.
The type value for the TLSA RR type is TBD. The type value for the TLSA RR type is TBD.
The TLSA RR is class independent. The TLSA RR is class independent.
skipping to change at page 6, line 30 skipping to change at page 6, line 27
Using the same hash algorithm as is used in the signature in the Using the same hash algorithm as is used in the signature in the
certificate will make it more likely that the TLS client will certificate will make it more likely that the TLS client will
understand this TLSA data. understand this TLSA data.
2.1.3. The Certificate for Association Field 2.1.3. The Certificate for Association Field
The "certificate for association". This is the bytes containing the The "certificate for association". This is the bytes containing the
full certificate, SubjectPublicKeyInfo or the hash of the associated full certificate, SubjectPublicKeyInfo or the hash of the associated
certificate or SubjectPublicKeyInfo. For certificate types 1 and 2, certificate or SubjectPublicKeyInfo. For certificate types 1 and 2,
this is the certificate or the hash of the certificate itself, not of this is the certificate or the hash of the certificate itself, not of
the TLS ASN.1Cert object. the TLS ASN.1 Cert object.
2.2. TLSA RR Presentation Format 2.2. TLSA RR Presentation Format
The presentation format of the RDATA portion is as follows: The presentation format of the RDATA portion is as follows:
o The certificate type field MUST be represented as an unsigned o The certificate type field MUST be represented as an unsigned
decimal integer. decimal integer.
o The reference type field MUST be represented as an unsigned o The reference type field MUST be represented as an unsigned
decimal integer. decimal integer.
skipping to change at page 10, line 8 skipping to change at page 9, line 47
If a match between one of the certificate association(s) and the If a match between one of the certificate association(s) and the
server's end entity certificate in TLS is found, the TLS client server's end entity certificate in TLS is found, the TLS client
continues the TLS handshake. If no match between the usable continues the TLS handshake. If no match between the usable
certificate association(s) and the server's end entity certificate in certificate association(s) and the server's end entity certificate in
TLS is found, the TLS client MUST abort the handshake with an TLS is found, the TLS client MUST abort the handshake with an
"access_denied" error. "access_denied" error.
5. TLSA and DANE Use Cases and Requirements 5. TLSA and DANE Use Cases and Requirements
The different types of certificates for association defined in TLSA The different types of certificates for association defined in TLSA
are matched with various sections of [DANEUSECASES]. [[ IMPORTANT are matched with various sections of [DANEUSECASES]. The three use
NOTICE, DANGER OF MOVING PARTS: this draft of the protocol is based cases from section 3 of [DANEUSECASES] are covered in this protocol
on the -02 version of [DANEUSECASES]. As that document changes in as follows:
the WG and IETF Last Call, this protocol might change as well. ]]
The three use cases from section 3 of [DANEUSECASES] are covered in
this protocol as follows:
3.1 CA Constraints -- Implemented using certificate type 2. A 3.1 CA Constraints -- Implemented using certificate type 2. A
hashed association is recommended for well-known certification hashed association is recommended for well-known certification
authorities. authorities.
3.2 Certificate Constraints -- Implemented using certificate type 1. 3.2 Certificate Constraints -- Implemented using certificate type 1.
3.3 Domain-Issued Certificates -- Implemented using certificate type 3.3 Domain-Issued Certificates -- Implemented using certificate type
1 combined with any reference type, or by using certificate type 2 1 combined with any reference type, or by using certificate type 2
together with a full certificate association. together with a full certificate association.
skipping to change at page 14, line 30 skipping to change at page 14, line 11
progress), July 2010. progress), July 2010.
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008. (TLS) Protocol Version 1.2", RFC 5246, August 2008.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008. (CRL) Profile", RFC 5280, May 2008.
[RFC6125] Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, March 2011.
10.2. Informative References 10.2. Informative References
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782, specifying the location of services (DNS SRV)", RFC 2782,
February 2000. February 2000.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000.
[RFC4025] Richardson, M., "A Method for Storing IPsec Keying [RFC4025] Richardson, M., "A Method for Storing IPsec Keying
Material in DNS", RFC 4025, March 2005. Material in DNS", RFC 4025, March 2005.
[RFC4255] Schlyter, J. and W. Griffin, "Using DNS to Securely [RFC4255] Schlyter, J. and W. Griffin, "Using DNS to Securely
Publish Secure Shell (SSH) Key Fingerprints", RFC 4255, Publish Secure Shell (SSH) Key Fingerprints", RFC 4255,
January 2006. January 2006.
Appendix A. TLSA Interactions with Aliasing and Wildcards Appendix A. Operational Considerations for Deploying TLSA Records
The TLSA RR is not special in the DNS; it acts exactly like any other A.1. Provisioning TLSA Records with Aliases
RRtype where the queried name has one or more labels prefixed to the
base name, such as the SRV RRtype [RFC2782]. This sometimes causes
confusion for some developers when using DNS aliasing and wildcards.
A.1. TLSA and CNAME The TLSA resource record is not special in the DNS; it acts exactly
like any other RRtype where the queried name has one or more labels
prefixed to the base name, such as the SRV RRtype [RFC2782]. This
affects the way that the TLSA resource record is used when aliasing
in the DNS.
Note that the IETF sometimes adds new types of aliasing in the DNS.
If that happens in the future, those aliases might affect TLSA
records, hopefully in a good way.
A.1.1. Provisioning TLSA Records with CNAME Records
Using CNAME to alias in DNS only aliases from the exact name given, Using CNAME to alias in DNS only aliases from the exact name given,
not any zones below the given name. For example, assume that a zone not any zones below the given name. For example, assume that a zone
file has only the following: file has only the following:
sub1.example.com. IN CNAME sub2.example.com. sub1.example.com. IN CNAME sub2.example.com.
In this case, a request for "bottom.sub1.example.com" would not In this case, a request for the A record at "bottom.sub1.example.com"
return any records because the CNAME given only aliases the name would not return any records because the CNAME given only aliases the
given. Assume, instead, the zone file has the following: name given. Assume, instead, the zone file has the following:
sub3.example.com. IN CNAME sub4.example.com. sub3.example.com. IN CNAME sub4.example.com.
bottom.sub3.example.com. IN CNAME bottom.sub4.example.com. bottom.sub3.example.com. IN CNAME bottom.sub4.example.com.
In this case, a request for bottom.sub3.example.com would in fact In this case, a request for the A record at bottom.sub3.example.com
return the CNAME record. would in fact return whatever value for the A record exists at
bottom.sub4.example.com.
Application implementations and full-service resolvers request DNS Application implementations and full-service resolvers request DNS
records using libraries that automatically follow CNAME and DNAME records using libraries that automatically follow CNAME (and DNAME)
aliasing. This allows hosts to put TLSA records in their own zones aliasing. This allows hosts to put TLSA records in their own zones
or to use CNAME to do redirection. Thus, any of the following three or to use CNAME to do redirection.
examples are acceptable:
; TLSA record for orignial domin has CNAME to target domain If the owner of the original domain wants a TLSA record for the same,
they simply enter it under the defined prefix:
; No TLSA record in target domain
; ;
sub5.example.com. IN CNAME sub6.example.com. sub5.example.com. IN CNAME sub6.example.com.
_443_tcp.sub5.example.com. IN CNAME _443_tcp.sub6.example.com. _443._tcp.sub5.example.com. IN TLSA 2 0 308202c5308201ab...
sub6.example.com. IN A 10.0.0.0 sub6.example.com. IN A 10.0.0.0
_443_tcp.sub6.example.com. IN TLSA 1 1 536a570ac49d9ba4...
or If the owner of the orginal domain wants to have the target domain
host the TLSA record, the original domain uses a CNAME record:
; TLSA record is duplicated in target domain ; TLSA record for original domain has CNAME to target domain
; ;
sub5.example.com. IN CNAME sub6.example.com. sub5.example.com. IN CNAME sub6.example.com.
_443_tcp.sub5.example.com. IN TLSA 2 0 308202c5308201ab... _443._tcp.sub5.example.com. IN CNAME _443._tcp.sub6.example.com.
sub6.example.com. IN A 10.0.0.0 sub6.example.com. IN A 10.0.0.0
_443_tcp.sub6.example.com. IN TLSA 2 0 308202c5308201ab... _443._tcp.sub6.example.com. IN TLSA 1 1 536a570ac49d9ba4...
or Note that it is acceptable for both the original domain and the
target domain to have TLSA records, but the two records are
unrelated. Consider the following:
; No TLSA record in target domain ; TLSA record in both the original and target domain
; ;
sub5.example.com. IN CNAME sub6.example.com. sub5.example.com. IN CNAME sub6.example.com.
_443_tcp.sub5.example.com. IN TLSA 2 0 308202c5308201ab... _443._tcp.sub5.example.com. IN TLSA 2 0 308202c5308201ab...
sub6.example.com. IN A 10.0.0.0 sub6.example.com. IN A 10.0.0.0
_443._tcp.sub6.example.com. IN TLSA 2 0 ac49d9ba4570ac49...
A.2. TLSA and DNAME In this example, someone looking for the TLSA record for
sub5.example.com would always get the record whose value starts
"308202c5308201ab"; the TLSA record whose value starts
"ac49d9ba4570ac49" would only be sought by someone who is looking for
the TLSA record for sub6.example.com, and never for sub5.example.com.
Note that these methods use the normal method for DNS aliasing using
CNAME: the DNS client requests the record type that they actually
want.
A.1.2. Provisioning TLSA Records with DNAME Records
Using DNAME records allows a zone owner to alias an entire subtree of Using DNAME records allows a zone owner to alias an entire subtree of
names below the name that has the DNAME. This allows the wholesale names below the name that has the DNAME. This allows the wholesale
aliasing of prefixed records such as those used by TLSA, SRV, and so aliasing of prefixed records such as those used by TLSA, SRV, and so
on without aliasing the name itself. on without aliasing the name itself. However, because DNAME can only
be used for subtrees of a base name, it is rarely used to alias
individual hosts that might also be running TLS.
A.3. TLSA and Wildcards A.1.3. Provisioning TLSA Records with Wildcards
Wildcards are generally not terribly useful for RRtypes that require Wildcards are generally not terribly useful for RRtypes that require
prefixing because you can only wildcard at a layer below the host prefixing because you can only wildcard at a layer below the host
name. For exaple, if you want to have the same TLSA record for every name. For example, if you want to have the same TLSA record for
port and every protocol for www.example.com, you might have every TCP port for www.example.com, you might have
*._tcp.www.example.com. IN TLSA 1 1 5c1502a6549c423b... *._tcp.www.example.com. IN TLSA 1 1 5c1502a6549c423b...
This is possibly useful in some scenarios where the same service is This is possibly useful in some scenarios where the same service is
offered on many ports. offered on many ports.
A.2. Securing the Last Hop
[[ Need to add text here about the various ways that a client who is
pulling in TLSA records can be sure that they are protected by
DNSSEC. ]]
Appendix B. Pseudocode for Using TLSA
[[ IMPORTANT NOTE FOR THE DANE WG: Please review this new appendix
carefully. If you find differences between what is here and what is
in the rest of the draft, by all means please send it to the WG
mailing list. The ensuing discussion will hopefully help everyone.
]]
This appendix describes the interactions given earlier in this
specification in pseudocode format. This appendix is non-normative.
If the steps below disagree with the text earlier in the document,
the steps earlier in the document should be considered correct and
this text incorrect.
TLS connect using [transport] to [hostname] on [port] and
receiving end entity cert C for the TLS server:
look up TLSA for _[port]._[transport].[hostname]
if (no secure TLSA record(s) received) {
fall back to "normal" cert validation
}
for each TLSA record R received {
// a PKIX certificate that identifies an end entity
if (R.certType == 1) {
if (R.referenceType == 0) AND (C == R.certAssoc) {
accept the TLS connection
} else if (hash(R.referenceType of C) == R.certAssoc) {
accept the TLS connection
} else {
continue outer loop
}
}
// a PKIX certification authority's certificate
if (R.certType == 2) {
if (R.referenceType == 0) {
if (PKIX validation with R.certAssoc as the only TA succeeds) {
accept the TLS connection
} else {
continue outer loop
}
} else {
if (PKIX validation with existing TAs succeeds) {
for each cert D in path except the EE cert {
if (hash(R.referenceType, D) == R.certAssoc) {
accept the TLS connection
}
}
}
continue outer loop
}
}
// a public key expressed as a PKIX SubjectPublicKeyInfo structure
if (R.certType == 3) {
if (R.referenceType == 0) AND (publicKey(C) == R.certAssoc) {
accept the TLS connection
} else if (hash(R.referenceType, publicKey(C)) == R.certAssoc) {
accept the TLS connection
} else {
continue outer loop
}
}
}
abort TLS handshake with "access_denied" error.
Authors' Addresses Authors' Addresses
Paul Hoffman Paul Hoffman
VPN Consortium VPN Consortium
Email: paul.hoffman@vpnc.org Email: paul.hoffman@vpnc.org
Jakob Schlyter Jakob Schlyter
Kirei AB Kirei AB
 End of changes. 31 change blocks. 
65 lines changed or deleted 169 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/