I merged all of these changes into master since it looked like no-one seemed to 
have strong opinions against them and they seemed like quite reasonable changes.


I'm about to cut a draft-02 with these changes if no-one has strong opinions 
against. https://github.com/tlswg/tls-subcerts/


Subodh

________________________________
From: TLS <[email protected]> on behalf of Patton,Christopher J 
<[email protected]>
Sent: Tuesday, July 24, 2018 11:04:27 AM
To: Ilari Liusvaara
Cc: [email protected]
Subject: Re: [TLS] Proposed changes to draft-ietf-tls-subcerts


Aww, I see your point. You're right, it should be that crit=true if and only if 
crit=true.


> Actually, what usecase do strict certificates serve anyway? I can not
> figure out any usecase that would make much sense to me. Dealing with
> server endpoints that are capable of LURK but not proof-of-possession
> nor is the keyserver capable of format-checking?

The point was to enforce that, if a delegation certificate is offered in a 
handshake, then a DC must be negotiated in that handshake. I wasn't actually 
there, but I'm told that this feature was brought up at IETF. It doesn't seem 
like there's a clean way to do this, and I'm not sure this feature is worth the 
added complexity.

I'm going to propose we drop the strict flag and let the critical bit be 
optional for the extension. What do you think?

-Chris
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
