How will this (and any mechanism built on top of RFC 5705 exported key material) interoperate with middleboxes? This use of the mechanism is not negotiated on the TLS level, so there is no extension for the middlebox to strip that would warn the endpoints not to use exported authenticators. Are application level proxies the only compatible middleboxes?
—Roelof > On Apr 19, 2018, at 4:32 PM, Sean Turner <s...@sn3rd.com> wrote: > > All, > > This is the working group last call for the "Exported Authenticators in TLS" > draft available at > https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. > Please review the document and send your comments to the list by 2359 UTC on > 4 April 2018. > > Thanks - J&S > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
