<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<p class="details" style="font-style: italic; color: #777;">

<a href="https://gitlab.com/Vrancken">Tom</a>

commented on a discussion

on <a href="https://gitlab.com/gnutls/gnutls/merge_requests/650#note_101688743">doc/cha-gtls-app.texi</a>:

</p>

<table>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="1300" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1300

</td>

<td class="diff-line-num new_line" data-linenumber="1322" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1322

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC1322" class="line" lang="plaintext">(i.e. different for the client than for the server).</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="1301" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1301

</td>

<td class="diff-line-num new_line" data-linenumber="1323" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1323

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC1323" class="line" lang="plaintext"></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="">

<td class="diff-line-num old_line" data-linenumber="1302" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1302

</td>

<td class="diff-line-num new_line" data-linenumber="1324" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

1324

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC1324" class="line" lang="plaintext">Currently supported types are:</span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="">

<td class="diff-line-num old old_line" data-linenumber="1303" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

1303

</td>

<td class="diff-line-num new_line old" data-linenumber="1325" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC1303" class="line" lang="plaintext">CTYPE-X509 or CTYPE-X.509. Catch all is CTYPE-ALL.</span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="">

<td class="diff-line-num new old_line" data-linenumber="1304" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="1325" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

1325

</td>

<td class="line_content new noteable_line" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC1325" class="line" lang="plaintext">CTYPE-X509 or CTYPE-X.509<span class="idiff left right">, CTYPE-RAWPK or CTYPE-RAWPUBKEY</span>. Catch all is CTYPE-ALL.</span>

</pre>

</td>

</tr>

</table>

<div>

<p dir="auto">If we are going to support raw public-keys then we have different certificate credential types. A user must therefore be able to set a preference for which credentials should be chosen first during the negotiation in the handshake. A server administrator could for example set both a X509 certificate credential and raw public-key. Depending on what a client is willing to accept (this can be negotiated via our new cert type extensions) the server presents either one of its credentials. But if a client accepts for example both a regular x509 certificate as well as a raw public-key then you should be able to specify an order of preference. That is where the priority strings come in. The same holds for the client in case of a client certificate request.</p>

<p dir="auto">So just as we are able to specify a priority order of the available ciphers and other cryptographic params, we also want to be able to specify an order of preferred (certificate) credentials types. Previously, pgp was also an option in this list. If you will accept my tls-kdh patch (which will be next in line ;-)) then we get another certificate type (representing a kerberos ticket).</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/merge_requests/650#note_101688743">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/7209626ea4b42359898470726eb85f77/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/merge_requests/650#note_101688743"}}</script>

</p>

</div>

</body>

</html>