Closed csosto-pk closed 2 years ago
Ilari’s https://mailarchive.ietf.org/arch/msg/tls/EKJ38ve6kN-5BWGFDKoVs_T_Vi0/ and Martin’s https://mailarchive.ietf.org/arch/msg/tls/DKgRTXxXuC2-0r52d0h96O2ZuRY/ comments regarding tlsflags acknowledgements say that acknowledgements should not be required.
Basically the argument is that the tlsflags behavior should be similar to extensions, which do not have an acknowledgment requirement by default in TLS. Special acknowledgement requirements are defined normatively per extension. Generally the reason is that flags are like extensions and extensions advertise capabilities like compressing a cert and require no acknowledgement. In other words, if an acknowledgement is required for a specific flag it could be specified for that flag, but the general case does not need to require acknowledgement as it most usually will be a request for something which the peer will or will not do.
The WG would need to reach consensus on acknowledging tlsflags by default or not.
From Ilari
Regarding actual need for acknowledgement for this flag, I think that server acknowledging it could be useful so client knows if retrying without flag could be useful or not.
For the client acknowledging it, I find that much less useful. If server proposes the extension, it better have exhaustive issuer list, be using certificates as just holders for raw public keys, or using certificate fingerprints for identification. Anything else looks like it is asking for trouble.
According to the tlsflags draft, each flag is about some capability or some extension that is not part of the TLS base specification. Just because the client and server both support TLS 1.3 does not mean that they both support this extension or that they both have this capability. If the client does not specify the flag, then the server cannot know that the client supports the extension. Conversely, if the server doesn’t acknowledge it, then the client cannot know that the server supports the extension. The same is true for a flag proposed by the server in the certReq and acknowledged in the certificate message. So every flag needs to be acknowledged.