On Wed, Mar 30, 2016 at 8:22 AM, Eric Rescorla <e...@rtfm.com> wrote:
> This got a lot of discussion early in the design process and the consensus
> was that the risk of having the default mode (with existing certs) allow
> the creation of a long-term delegation was too high. See, for instance, the
> relative impact of the recent paper by Jager et al. [0] on TLS 1.3 and
> QUIC.
>
> With that said, I think this would be a good feature to look at in future
> and the right way to do it is to:
>
> 1. Add a "this is only usable for TLS 1.3 [or for subcerts]" extension to
>    PKIX.
> 2. Add a subcert extension to TLS 1.3.

OK, awesome. Is it too early to volunteer for this effort? Do you know who the right person is to contact?

Thanks again,
Bill
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls