On Wed, Feb 14, 2018 at 4:07 AM, Kathleen Moriarty
> What's the behavior when the middlebox is a proxy, let's say existing
> a managed network? I presume from from section 3.1 that this
> negotiation doesn't work in that instance unless sites configured for
> this are not subject to the proxy as is often done for financial site
> access from corporate networks. It would be good to know if it does
> work and that is addressed with the text Mirja calls out for her #1
> question. Having this clarified could be helpful.
If there is a MitM, then this extension simply isn't negotiated.
That's pretty well understood. I don't see why that requires special
TLS mailing list