On Wed, Apr 18, 2018 at 4:42 PM, Paul Wouters <p...@nohats.ca> wrote:

>> 2. Explicitly allow (but do not require) DoE be included
>
> The document does not currently allow the extension to be empty. So if
> there is no TLSA record and the extension would be present, it therefore
> can only contain a DoE chain. So what do you mean with item 2? Possibly
> you mean to say "if there is no TLSA record, the extension can be omitted
> or the extension can be included with a DoE chain" ? That would be okay
> with us.


Yes, my understanding is that's what it means.

Note that Section 8 ("Mandating Use") already did hint at the future
possibility of this extension carrying a DoE chain that could be deployed
in a TLS application ecosystem where all servers understood and were
prepared to respond to this extension. The plan is to now add text that
allows DoE chains more generally, with details of use defined in
subsequent documents.

Shumon.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
