Is TLS1.3 support missing the "certificate_authorities" extension?

Andrew Leonard andrew_m_leonard at uk.ibm.com
Tue Jan 15 09:03:22 UTC 2019


Re-posting this question..

Isn't the "certificate_authorities" extension mandatory for TLS1.3?

https://bugs.openjdk.java.net/browse/JDK-8206925

See https://tools.ietf.org/html/draft-ietf-tls-tls13-20#section-4.2.4 
There's a known typo in 
https://tools.ietf.org/html/draft-ietf-tls-tls13-20#section-4.4.2.2 
which from this comment: 
https://www.ietf.org/mail-archive/web/tls/current/msg23612.html 
indicates section 4.4.2.2 was a typo and "certificate_authorities" should 
be used instead of "trusted_ca_keys" 

Should JDK-8206925 be a "bug"? Thoughts? 

Many thanks
Andrew

Andrew Leonard
Java Runtimes Development
IBM Hursley
IBM United Kingdom Ltd
Phone internal: 245913, external: 01962 815913
internet email: andrew_m_leonard at uk.ibm.com 


Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20190115/6d543c6e/attachment.html>


More information about the security-dev mailing list