If the use of the mechanism is not negotiated on the TLS level then I would appreciate it if the “Security Considerations” section of the draft could be amended to include a paragraph that warns potential implementors that protocol-agnostic middleboxes will break the mechanism without any clear failure indicators.
> On May 8, 2018, at 8:13 PM, Martin Thomson <martin.thom...@gmail.com> wrote: > > On Wed, May 9, 2018 at 2:20 AM Roelof duToit <r@nerd.ninja> wrote: > >> I understand that there is not really anything to negotiate per se, but > would it not be prudent to add a TLS extension to negotiate support for > exported-authenticator in the TLS layer prior to using it in the > application layer? > > We don't signal the potential need for exporters. I see no reason to > signal this either. Any signaling necessary really belongs at the higher > layer. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
