On Wed, Mar 9, 2016 at 6:05 AM, Hannes Tschofenig <[email protected]> wrote: > I still hope that this can be taken into consideration. I saw the > proposal from Martin about defining another extension. This may be an > option and maybe the answer is as simple as "don't use certificates for > such scenarios".
I'm not sure that I understand your use-case enough to say anything intelligent about it I'm afraid. I'm just noting here that adding new SNI types is pretty bug-rusted. Now, if you have a completely separate ecosystem you can solve the deployment issues, of course. But I worry that if new SNI types are added then, sooner or later, people will start to run into problems with the current implementation ecosystem and a bunch of effort will be wasted which could have been avoided by defining a new extension. Therefore I recommend defining a new extension rather than a new SNI type. Additionally, I'm suggesting that, in general, it's a good idea to avoid nesting extension-like structures inside an extension in favour of adding top-level extensions as needed. Cheers AGL -- Adam Langley [email protected] https://www.imperialviolet.org _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
