On 4/4/18 2:53 PM, Richard Barnes wrote:
> I support publication of the document as is. I would also be
> comfortable with a minor modification to say that TLSA certificate
> usages 0 and 1 (the restrictive ones) MUST NOT be used with this mechanism.
The addition of text that clarifies that seems absolutely reasonable
to me.
I do think there would be a problem with adding additional complexity
to the extension to support functionality that nobody has said that
they intend to use (including the proponents of the changes), given
that the changes would not be introduced to correct an error in
the existing spec.
Melinda
--
Software longa, hardware brevis
PGP key fingerprint 4F68 2D93 2A17 96F8 20F2
34C0 DFB8 9172 9A76 DB8F
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
