Unify client and server certificate selection text #1361

davidben · 2024-06-13T14:02:29Z

I noticed this as I was looking for where we officially wrote down the implications of the X.509 Key Usage extension. We wrote it down for the server, but forgot to for the client.

The root issue is that we unified certificate negotiation in TLS 1.3 (ClientHello/Certificate and CertificateRequest/Certificate are now nice and symmetric), but forgot to correspondingly unify some of this prose. As a result, we said the same thing in different ways, and forgot different things in either place.

This change merges the two.

I noticed this as I was looking for where we officially wrote down the implications of the X.509 Key Usage extension. We wrote it down for the server, but forgot to for the client. The root issue is that we unified certificate negotiation in TLS 1.3 (ClientHello/Certificate and CertificateRequest/Certificate are now nice and symmetric), but forgot to correspondingly unify some of this prose. As a result, we said the same thing in different ways, and forgot different things in either place. This change merges the two.

draft-ietf-tls-rfc8446bis.md

ilucas39

◢💙◣ ◢💖◣
💙💙💙◣ ◢💖💖💖
◥💙💙💙💖💖💖◤
◥💙💙💖💖◤
◥💙💖◤
◥ ◤

davidben force-pushed the unify-cert-selection branch from 1e6f544 to 5a4dfe7 Compare June 13, 2024 16:24

bob-beck reviewed Jun 13, 2024

View reviewed changes