On 3/21/17 4:20 PM, Eric Rescorla wrote: > SUBSTANTIVE > > Servers receiving a "dnssec_chain" extension in the client hello, and > which are capable of being authenticated via DANE, SHOULD return a > serialized authentication chain in the Certificate message, using the > format described below. The authentication chain will be an > extension to the certificate_list to which the certificate being > authenticated belongs. > > In TLS 1.3, the extensions are attached to the certificates, so you > need to say which one. I assume end entity. You could also shove > this in EncryptedExtensions, one supposes. > > > EDITORIAL > You should replace "client hello" with ClientHello throughout.
Thanks, EKR. I've updated the draft based on these comments and will submit it once submissions reopen. Melinda
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
