From: Daiki Ueno <ueno@gnu.org>
To: Hannes Reinecke <hare@suse.de>
Cc: Chuck Lever III <chuck.lever@oracle.com>,
kernel-tls-handshake <kernel-tls-handshake@lists.linux.dev>
Subject: Re: ktls-utils and gnutls
Date: Sat, 13 Jan 2024 06:22:24 +0900
Message-ID: <87frz29rhr.fsf-ueno@gnu.org>
In-Reply-To: <18007242-4dc7-45ed-905b-a3994f62e4e2@suse.de> (Hannes Reinecke's message of "Fri, 12 Jan 2024 15:24:43 +0100")
Hannes Reinecke <hare@suse.de> writes:
> There are some issues which could've been addressed:
>
> 1. Multiple PSK keys per ClientHello: the RFC allows for multiple
> PSKs to be sent with each ClientHello, yet gnutls only implements
> support for a single PSK. This is getting interesting
> when several cipher suites with different lengths or different
> scopes are supported, and the server could pick the appropriate
> one instead of having the client retry a ClientHello with
> every available PSK.
>
> 2. Support for SPDM device attestation certificates: SPDM has defined
> the use of X.509 certificates for device attestation. But as these
> certificates are not bound to a network instance, SPDM makes use
> of 'Subject Alternative Name' with a distinct OID. It would be
> good to implement support for SPDM X.509 certificates as chances
> are they will become more prevalent.
> And any implementor will need to generate valid SPDM certificates
> to test out the implementation ...
Thank you. I've added both ideas to the list.
Regards,
--
Daiki Ueno