On Wed, Apr 18, 2018 at 4:42 PM, Paul Wouters <p...@nohats.ca> wrote:
> > 2. Explicitly allow (but do not require) DoE be included
>
> The document does not currently allow the extension to be empty. So if
> there is no TLSA record and the extension would be present, it therefore
> can only contain a DoE chain. So what do you mean with item 2? Possibly
> you mean to say "if there is no TLSA record, the extension can be omitted
> or the extension can be included with a DoE chain"? That would be okay
> with us.

Yes, my understanding is that's what it means.

Note that Section 8 ("Mandating Use") already did hint at the future possibility of this extension carrying a DoE chain that could be deployed in a TLS application ecosystem where all servers understood and were prepared to respond to this extension. The plan is to now add text that allows DoE chains more generally, with details of use defined in subsequent documents.

Shumon.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls