> On Apr 12, 2018, at 6:34 PM, Shumon Huque <shu...@gmail.com> wrote:
> Implementers that are opposed to pinning would then just ignore this second 
> draft (and not bother with the authenticated denial part of the first draft).

The pin hint is NOT an obligation on the client or the server.  It is OPTIONAL.
Servers can send 0, and clients can just IGNORE the pin.  It is far easier
to ignore the additional field, than to specify a separate extension.

> Since it 
> seems pretty clear you're not going to consensus on adding pinning to the 
> current 
> draft, I think you should pursue this approach.

The consensus call is open until Apr 18th, we may not have heard from everyone 


TLS mailing list

Reply via email to