Hi,

1) There are two types of extensions:
a) Those that directly modify how the engine works, like [max_fragment_length, heartbeat, encrypt_then_mac, extended_master_secret, SessionTicket, ...]
b) Those that provide information (modify the network protocol), like [npn, alpn, status_request, ...]

2) Some of the extensions could be called deprecated, like heartbeat, npn and compression.
signed_certificate_timestamp -> could be done without OCSP interference via an extra handshake message, like you can see on https://suche.org. There are 3 ways this can be achieved: included in the certificate, in the OCSP response, or as an extra handshake message.

extended_master_secret -> would be hard to implement.

There are two ways to enable better plugin/development:
+ Expose the client handshake to KeyManager/TrustManager/Client/Server
+ A generic way to add extra messages [status_request, user_mapping, client_authz, server_authz, application_layer_protocol_negotiation, status_request_v2, signed_certificate_timestamp, npn, TLS_FALLBACK_SCSV]

Especially the information about what the client can do could be interesting for a site owner to decide what he should take care of and what is so unusual that it can be ignored.

Regards,
Thomas
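As an added illustration of the last point, seeing what a client actually offers (this is an example written for this page, not code from Thomas or from the project under discussion): the script below builds a TLS 1.2 ClientHello inline from constructed sample data, parses it with bounds and duplicate checks, and groups the advertised extensions using the two categories from the post plus the deprecated set. Putting server_name and the ids from the "extra messages" list into the information group is an assumption of the example, as is the sample ClientHello itself (fixed random, suche.org as SNI, DEFLATE compression, heartbeat, NPN and TLS_FALLBACK_SCSV offered so that every group is populated).

```python
import struct

# IANA TLS ExtensionType values (RFC 6066, 7301, 6962, 7366, 7627, 5077).
EXT_NAMES = {0: "server_name", 1: "max_fragment_length", 5: "status_request",
             6: "user_mapping", 7: "client_authz", 8: "server_authz",
             15: "heartbeat", 16: "application_layer_protocol_negotiation",
             17: "status_request_v2", 18: "signed_certificate_timestamp",
             22: "encrypt_then_mac", 23: "extended_master_secret",
             35: "SessionTicket", 13172: "next_protocol_negotiation"}  # npn, 0x3374
ENGINE_EXTS = {1, 15, 22, 23, 35}               # group (a) of the post
INFO_EXTS = {0, 5, 6, 7, 8, 16, 17, 18, 13172}  # group (b), plus SNI (assumption)
DEPRECATED_EXTS = {15, 13172}                   # heartbeat, npn
TLS_FALLBACK_SCSV = 0x5600  # RFC 7507: a cipher-suite value, not an extension

def _u16(v):
    return struct.pack("!H", v)

def build_client_hello(suites, compression, extensions):
    """Encode a TLS 1.2 ClientHello record from cipher suites, compression
    methods and a list of (extension_type, extension_data) pairs."""
    ext_block = b"".join(_u16(t) + _u16(len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"  # version, fixed random, no session id
            + _u16(2 * len(suites)) + b"".join(_u16(s) for s in suites)
            + bytes([len(compression)]) + bytes(compression)
            + _u16(len(ext_block)) + ext_block)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake

def parse_client_hello(record):
    """Parse a TLS record carrying a ClientHello; reject truncation, length
    overruns and duplicate extensions (RFC 5246 allows each type only once)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01 or len(body) != 4 + int.from_bytes(body[1:4], "big"):
        raise ValueError("truncated record or not a ClientHello")
    hello = body[4:]
    version = int.from_bytes(hello[0:2], "big")
    pos = 2 + 32                                    # skip version and client random
    pos += 1 + hello[pos]                           # skip session id
    cs_len = int.from_bytes(hello[pos:pos + 2], "big"); pos += 2
    suites = [int.from_bytes(hello[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = hello[pos]; pos += 1
    compression = list(hello[pos:pos + comp_len]); pos += comp_len
    extensions = {}
    if pos < len(hello):                            # extension block is optional
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"); pos += 2
        if end > len(hello):
            raise ValueError("extension block overruns ClientHello")
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4]); pos += 4
            if pos + elen > end or etype in extensions:
                raise ValueError("overrun or duplicate extension %d" % etype)
            extensions[etype] = hello[pos:pos + elen]; pos += elen
        if pos != end:
            raise ValueError("trailing bytes in extension block")
    return {"version": version, "cipher_suites": suites,
            "compression": compression, "extensions": extensions}

def alpn_protocols(data):
    """Decode the ProtocolNameList of an ALPN extension (u16 length, u8-prefixed names)."""
    names, pos, end = [], 2, 2 + int.from_bytes(data[:2], "big")
    while pos < end:
        names.append(data[pos + 1:pos + 1 + data[pos]].decode("ascii"))
        pos += 1 + data[pos]
    return names

def classify(parsed):
    """Group what the client offered, keeping the client's own ordering."""
    ids, exts = list(parsed["extensions"]), parsed["extensions"]
    def names(group):
        return [EXT_NAMES.get(i, "unknown(%d)" % i) for i in ids if i in group]
    deprecated = names(DEPRECATED_EXTS)
    if any(m != 0 for m in parsed["compression"]):  # anything but null compression
        deprecated.append("compression")
    return {"engine": names(ENGINE_EXTS), "information": names(INFO_EXTS),
            "deprecated": deprecated,
            "fallback_scsv": TLS_FALLBACK_SCSV in parsed["cipher_suites"],
            "alpn": alpn_protocols(exts[16]) if 16 in exts else []}

# Constructed sample (assumption): a browser-like hello that also offers DEFLATE,
# heartbeat, NPN and TLS_FALLBACK_SCSV so that every group above is populated.
SAMPLE_HELLO = build_client_hello(
    suites=[0xC02F, 0x009C, TLS_FALLBACK_SCSV],
    compression=[0x01, 0x00],                     # DEFLATE offered ahead of null
    extensions=[
        (0, b"\x00\x0c\x00\x00\x09suche.org"),    # server_name
        (5, b"\x01\x00\x00\x00\x00"),             # status_request (OCSP stapling)
        (18, b""),                                # signed_certificate_timestamp
        (16, b"\x00\x0c\x02h2\x08http/1.1"),      # ALPN: h2, http/1.1
        (23, b""),                                # extended_master_secret
        (22, b""),                                # encrypt_then_mac
        (35, b""),                                # SessionTicket (asks for a new ticket)
        (15, b"\x01"),                            # heartbeat: peer_allowed_to_send
        (13172, b""),                             # npn
        (1, b"\x01"),                             # max_fragment_length 2^9
    ])

if __name__ == "__main__":
    for group, items in classify(parse_client_hello(SAMPLE_HELLO)).items():
        print("%-13s %s" % (group, items))
```

Running it prints one line per group for the sample hello; pointing parse_client_hello at a captured ClientHello record (the first TLS record of a connection, for example exported from a packet capture) gives a site owner the per-client inventory the post asks for. The parser refuses duplicate extensions and any length field that overruns its enclosing block, which is the check a server should make before acting on extension data.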
