On 12/12/15 15:02, Salz, Rich wrote:
I think that the best way to deal with the status_request_v2 extension is to
make it a proper part of the TLS 1.3 messages, probably Certificate or
CertificateVerify. This is a fairly heavily important extension.
I'd be in favor of this.
Wouldn't switching OCSP stapling from "extension" to "proper part of the
TLS 1.3 messages" mess things up for the TLS Feature certificate
extension [1], which can be used to tell a TLS client that it should
expect to receive TLS extension 5 (status_request) and/or TLS extension
17 (status_request_v2) from the TLS server?
[1] https://tools.ietf.org/html/rfc7633
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
