I'm sorry, Russ, but I think this would be seriously deceiving.
Russ Housley wrote:
> If a specification were available that used an extension that involved
> both the client and the server, would the working group adopt it, work
> on it, and publish it as an RFC?
>
> I was listening very carefully to the comments made by people in line.
> Clearly some people would hum for "no" to the above question, but it
> sounded like many felt that this would be a significant difference.
> It would ensure that both server and client explicitly opt-in, and any
> party observing the handshake could see the extension was included or not.

Any party observing the handshake (read: a monitoring middlebox) would see whether the client proposed the extension and the server confirmed the extension in the clear part of the TLS handshake, and that very same monitoring middlebox very very very probably would kill/prevent all TLS handshakes without that extension being confirmed by the server from completing...

... at which point this is no longer a "rare and occasional voluntary opt-in for debugging broken apps" but rather a policy enforcement known as "coercion".

I am violently opposed to standardizing enforced wire-tapping for TLS.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls