This issue is related to the Bootz Procedure: BootstrapStream v1.0 defined at the following link:
https://github.com/openconfig/bootz?tab=readme-ov-file#bootz-procedure-bootstrapstream-v10
Bullet 2, sub-bullet ii states:
The device MUST NOT present a client certificate in the TLS handshake.
It is up to the server to request that the client send or not send a certificate based on whether the server includes CertificateRequest with its ServerHello message.
If the server includes CertificateRequest, then the Client must include its certificate; otherwise, the TLS handshake will fail.
I am assuming that you are not suggesting that the Client not send its certificate when it receives a CertificateRequest, but that the server will not include the CertificateRequest in its ServerHello.
If that is the case, then I think the above statement should be clarified.
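
Added example, not part of the original issue and not code from the bootz project: a loopback handshake using Go's `crypto/tls` that shows how the server's `ClientAuth` setting decides whether a CertificateRequest is sent, and what happens when a client with no certificate answers one. The `Handshake` function, the throwaway self-signed server certificate and the loopback listener are assumptions made for this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Handshake reports whether the client saw a CertificateRequest and any handshake error.
func Handshake(mode tls.ClientAuthType) (requested bool, hsErr error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway server identity (constructed)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{ClientAuth: mode,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	if err != nil {
		return false, err
	}
	defer ln.Close()
	done := make(chan error, 1)
	go func() { // server side: accept one connection and complete the handshake
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = c.(*tls.Conn).Handshake()
		}
		done <- err
	}()
	cliCfg := &tls.Config{InsecureSkipVerify: true} // demo only: server cert is self-signed
	cliCfg.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
		requested = true               // invoked only when the server sent CertificateRequest
		return &tls.Certificate{}, nil // empty chain: the device presents no certificate
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return requested, err
	}
	defer conn.Close()
	return requested, <-done
}

func main() {
	for _, m := range []tls.ClientAuthType{tls.NoClientCert, tls.RequestClientCert, tls.RequireAnyClientCert} {
		fmt.Println(m, "->", fmt.Sprint(Handshake(m)))
	}
}
```

With `tls.NoClientCert` the client callback never runs, so a server configured that way gives the device nothing to answer.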