From 7957c3a13a74d33a1cb5e79529a15db6ccef5d85 Mon Sep 17 00:00:00 2001 From: David Schinazi Date: Wed, 28 Aug 2024 10:24:52 -0700 Subject: [PATCH] Concealed auth: responsible AD review --- draft-ietf-httpbis-unprompted-auth.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-unprompted-auth.md b/draft-ietf-httpbis-unprompted-auth.md index 1596f1e73..43e32ea39 100644 --- a/draft-ietf-httpbis-unprompted-auth.md +++ b/draft-ietf-httpbis-unprompted-auth.md @@ -152,7 +152,7 @@ exchanged using authentication parameters (see {{auth-params}}). When a client wishes to uses the Concealed HTTP authentication scheme with a request, it SHALL compute the authentication proof using a TLS keying material -exporter {{!KEY-EXPORT=RFC5705}} with the following parameters: +exporter with the following parameters: * the label is set to "EXPORTER-HTTP-Concealed-Authentication" @@ -160,6 +160,10 @@ exporter {{!KEY-EXPORT=RFC5705}} with the following parameters: * the exporter output length is set to 48 bytes (see {{output}}) +Note that TLS 1.3 keying material exporters are defined in {{Section 7.5 of +TLS}}, while TLS 1.2 keying material exporters are defined in +{{!KEY-EXPORT=RFC5705}}. + ## Key Exporter Context {#context} The TLS key exporter context is described in {{fig-context}}: @@ -264,7 +268,7 @@ right values. This is described in {{fig-output}}: ~~~ {: #fig-output title="Key Exporter Output Format"} -The key exporter context contains the following fields: +The key exporter output contains the following fields: Signature Input: