Open pohlm01 opened 1 week ago
Hmm. This does fall somewhat naturally from reusing the same TAI namespace between X.509 and Bikeshed (for completeness, we could have decided to just have a separate bikeshed_trust_anchors
extension), but I suspect tying certificate format to trust anchor negotiation quite this tightly might be a bit too restrictive:
So I suspect it'll be simplest if we keep the type explicit.
Merkle Tree Certificates require the
trust_anchors
extension defined in this repository, as well as theserver_certificate_type
andclient_certificate_type
extensions defined in RFC 7250 (raw public keys).The current draft says:
If we change this to include the selected Trust Anchor instead, we would implicitly negotiate the certificate type as well and leave out the
server_certificate_type
andclient_certificate_type
extensions. I considered the following scenarios:trust_anchors
extension, with exactly one entry in the firstCertificateEntry
of theCertificate
message. (As an optimization, we could introduce a separate extension only to be used in theCertificateEntry
message that always contains exactly one entry. This would save two bytes for the length encoding.)CertificateRequest
message and would again retrieve the selected one as part of theCertificate
message.This approach has a few implications:
CertificateEntry
message to allow the application to interpret the data after it processed the extensions. See https://github.com/davidben/merkle-tree-certs/pull/95CertificateEntry
message, as it transmits the TAI instead of an empty extension. We could think of sending the TAI only for certificate types that are not X509, but that might complicate things.