<span style=" font-size:10pt;font-family:sans-serif">Thanks for the feedback
Sean,</span>
<br><span style=" font-size:10pt;font-family:sans-serif">Do we have a view
on the "priority" for such an enhancement? While we don't support
it, what won't work or is limited? Ajay?</span>
<br><span style=" font-size:10pt;font-family:sans-serif">Cheers</span>
<br><span style=" font-size:10pt;font-family:sans-serif">Andrew</span>
<br>
<br><span style=" font-size:12pt">Andrew Leonard<br>
Java Runtimes Development<br>
IBM Hursley<br>
IBM United Kingdom Ltd<br>
Phone internal: 245913, external: 01962 815913<br>
internet email: andrew_m_leonard@uk.ibm.com </span>
<br>
<br>
<br>
<br>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From:
       </span><span style=" font-size:9pt;font-family:sans-serif">Sean
Mullan <sean.mullan@oracle.com></span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To:
       </span><span style=" font-size:9pt;font-family:sans-serif">Andrew
Leonard <andrew_m_leonard@uk.ibm.com>, security-dev@openjdk.java.net</span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Cc:
       </span><span style=" font-size:9pt;font-family:sans-serif">Ajay
Reddy <areddy@us.ibm.com>, Alaine DeMyers <alaine@us.ibm.com></span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date:
       </span><span style=" font-size:9pt;font-family:sans-serif">15/01/2019
13:39</span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject:
       </span><span style=" font-size:9pt;font-family:sans-serif">Re:
Is TLS1.3 support missing the "certificate_authorities" extension?</span>
<br>
<hr noshade>
<br>
<br>
<br><tt><span style=" font-size:10pt">Hello,<br>
<br>
On 1/15/19 4:03 AM, Andrew Leonard wrote:<br>
> Re-posting this question..<br>
> <br>
> Isn't the "certificate_authorities" extension mandatory
for TLS1.3?<br>
<br>
The text in question says "SHOULD" and not "MUST" [1].
So while it is <br>
very desirable, I would not categorize this as a mandatory requirement.<br>
<br>
> <br>
> _https://urldefense.proofpoint.com/v2/url?u=https-3A__bugs.openjdk.java.net_browse_JDK-2D8206925-5F&d=DwIC-g&c=jf_iaSHvJObTbx-siA1ZOg&r=NaV8Iy8Ld-vjpXZFDdTbgGlRTghGHnwM75wUPd5_NUQ&m=oBlMiJsdliKXCh6xlsC6g8rXysVIW6yBnRhW7uyqc8U&s=fXR6uf8ytLCOekA3CJ9goijSOsnkE1wrBf0wfoa_czY&e=<br>
> <br>
> See _https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Dtls-2Dtls13-2D20-23section-2D4.2.4-5F&d=DwIC-g&c=jf_iaSHvJObTbx-siA1ZOg&r=NaV8Iy8Ld-vjpXZFDdTbgGlRTghGHnwM75wUPd5_NUQ&m=oBlMiJsdliKXCh6xlsC6g8rXysVIW6yBnRhW7uyqc8U&s=4Znnq5ZgqzAESypi4g2C1Xd-Yr1FxK4cTa4_0k3amHs&e=<br>
> There's a known typo in<br>
> _https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Dtls-2Dtls13-2D20-23section-2D4.4.2.2-5F&d=DwIC-g&c=jf_iaSHvJObTbx-siA1ZOg&r=NaV8Iy8Ld-vjpXZFDdTbgGlRTghGHnwM75wUPd5_NUQ&m=oBlMiJsdliKXCh6xlsC6g8rXysVIW6yBnRhW7uyqc8U&s=K7autmuNw1rTGW0J32W1bDIiQXN0s2OfUD5ueAK6z7o&e=<br>
> which from this comment:<br>
> _https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tls_current_msg23612.html-5F&d=DwIC-g&c=jf_iaSHvJObTbx-siA1ZOg&r=NaV8Iy8Ld-vjpXZFDdTbgGlRTghGHnwM75wUPd5_NUQ&m=oBlMiJsdliKXCh6xlsC6g8rXysVIW6yBnRhW7uyqc8U&s=eagruzUipLL49ZtMHhrbAg3RIRRB1Ucbpx-VNLD6qvU&e=<br>
> indicates section 4.4.2.2 was a typo and "certificate_authorities"
should<br>
> be used instead of "trusted_ca_keys"<br>
<br>
Note that your links above are referencing the Internet Draft. This has
<br>
been corrected in the RFC: <br>
</span></tt><a href="https://tools.ietf.org/html/rfc8446#section-4.4.2.2"><tt><span style=" font-size:10pt">https://tools.ietf.org/html/rfc8446#section-4.4.2.2</span></tt></a><tt><span style=" font-size:10pt"><br>
<br>
> Should JDK-8206925 be a "bug"? Thoughts?<br>
<br>
It seems correct as an Enhancement.<br>
<br>
--Sean<br>
<br>
[1] </span></tt><a href="https://tools.ietf.org/html/rfc2119"><tt><span style=" font-size:10pt">https://tools.ietf.org/html/rfc2119</span></tt></a><tt><span style=" font-size:10pt"><br>
<br>
> <br>
> Many thanks<br>
> Andrew<br>
> <br>
> Andrew Leonard<br>
> Java Runtimes Development<br>
> IBM Hursley<br>
> IBM United Kingdom Ltd<br>
> Phone internal: 245913, external: 01962 815913<br>
> internet email: andrew_m_leonard@uk.ibm.com<br>
> <br>
> <br>
> Unless stated otherwise above:<br>
> IBM United Kingdom Limited - Registered in England and Wales with
number <br>
> 741598.<br>
> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire
PO6 3AU<br>
<br>
</span></tt>
<br>
<br>
<br><span style=" font-size:10pt;font-family:sans-serif"><br>
Unless stated otherwise above:<br>
IBM United Kingdom Limited - Registered in England and Wales with number
741598. <br>
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
3AU<br>
</span>