On 12 May 2016 at 12:41, David Benjamin <david...@chromium.org> wrote:
> Sure, if we end up doing something on the server, mirroring sounds
> reasonable enough. (This would just be for re-asserting the private key and
> not switching certificates, right?)

Not planning to allow it :)

> [re: post handshake as an extension]
> For HTTP, doing it in an extension the obvious way doesn't quite work.
> Whether Chrome is willing to do renego depends on how ALPN resolves (we
> leave it at its default off state and, after the initial handshake but
> before we could consume a HelloRequest, toggle it off).

Yeah, it's not ideal, but you could advertise support, then refuse to respond when it is requested of you in situations that you don't like. But Chrome is, as ever, somewhat special in this regard. Everyone else would be sort of protected from accidents unless they took the same rather extraordinary steps to enable the feature.