SUBSTANTIVE

Servers receiving a "dnssec_chain" extension in the client hello, and which are capable of being authenticated via DANE, SHOULD return a serialized authentication chain in the Certificate message, using the format described below. The authentication chain will be an extension to the certificate_list to which the certificate being authenticated belongs.

In TLS 1.3, the extensions are attached to the certificates, so you need to say which one. I assume end entity. You could also shove this in EncryptedExtensions, one supposes.

EDITORIAL

You should replace "client hello" with ClientHello throughout.

-Ekr