> 1) Both server and client must explicitly opt-in Why can't it be implicit such as when you click-through on the website's terms of service?
> 2) A third party should be able to tell whether or not this feature is > enabled by observing the stream Why? Because we want to watch who's doing it? Do we watch who is leaking plaintext? _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
