On Thu, Dec 14, 2017 at 5:43 PM, David Benjamin <[email protected]> wrote:
> Another observation about the middlebox issue: if we leave the text as-is,
> where it is defined for TLS 1.2 server certificates, but we all silently
> agree that servers should decline it at TLS 1.2, clients are still
> obligated to implement it in their TLS 1.2 state machine because the
> advertisement is the same.
>
> If we're never going to deploy it in TLS 1.2 anyway, this seems like a
> waste of the complexity budget. Better to say it is not defined for TLS 1.2
> at all because of non-compliant middleboxes and avoid all this ambiguity.
>

This is a good point. I've written a PR to change the extension to 1.3-only:
https://github.com/tlswg/certificate-compression/pull/9
