Dear all,

I don't think this design needs to be as complex as it is. Why isn't signing a party-dependent (server or client) exporter with the key of the certificate, and then appending the certificate chain, enough? I am fairly certain this gets the properties we need. Further, the language around jointly authoritative remains very opaque to me.

My other (much more minor) comment is that exporter labels should start with "EXPORTER" in RFC 5705, and I don't see why this draft shouldn't do it.

Sincerely,
Watson Ladd
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls