On Wed, Mar 30, 2016 at 8:37 AM, Bill Cox <[email protected]> wrote:
> On Wed, Mar 30, 2016 at 8:22 AM, Eric Rescorla <[email protected]> wrote: > >> This got a lot of discussion early in the design process and the consensus >> was that the risk of having the default mode (with existing certs) allow >> the >> creation of a long-term delegation was too high. See, for instance, the >> relative impact of the recent paper by Jager at al. [0] on TLS 1.3 and >> QUIC. >> >> With that said, I think this would be a good feature to look at in future >> and the right way to do it is to: >> >> 1. Add a "this is only usable for TLS 1.3 [or for subcerts]" extension to >> PKIX. >> 2. Add a subcert extension to TLS 1.3. >> > > OK, awesome. Is it too early to volunteer for this effort? > No! > Do you know who the right person is to contact? > Shoot me an email offline and I can walk you through what I think would be required to get this going. -Ekr > > Thanks again, > Bill >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
