Created attachment 564913 [details] draft-agl-tls-encryptedclientcerts-00.html This TLS extension is specified in the attached draft by Adam Langley draft-agl-tls-encryptedclientcerts-00.html. It addresses the privacy issue of sending a client certificate by sending the Certificate handshake message after the ChangeCipherSpec message.
Created attachment 564919 [details] [diff] [review] Patch by Adam Langley The attached patch is written by Adam Langley. This patch hasn't been tested in Chrome yet.
Created attachment 569148 [details] draft-agl-tls-encryptedclientcerts-00.txt agl just submitted the draft to IETF: http://www.ietf.org/id/draft-agl-tls-encryptedclientcerts-00.txt
Created attachment 572721 [details] [diff] [review] Patch by Adam Langley, v2 Updated the patch to the current NSS trunk and made minor edits.
Created attachment 573718 [details] [diff] [review] Patch by Adam Langley, v3 I did a thorough review, made some small changes to ssl3con.c (prSpec vs. crSpec, etc.), and added a test case to sslauth.txt. This patch is now of checkin quality, except for the use of unofficial TLS extension number.
We have decided to abandon this extension. See the Chromium changelist https://chromiumcodereview.appspot.com/10387222/
In the event that this ever gets resurrected: We need to consider whether this extension implies any guarantee that we will have authenticated the server's certificate before sending the client certificate. In the current libssl code, ssl3_SencClientSecondRound will block the handshake until the server's cert has been authenticated, when otherwise the handshake would continue through the Finished messages before blocking on peer certificate authentication.