On Fri, May 04, 2018 at 11:20:55AM -0400, Roelof duToit wrote: > How will this (and any mechanism built on top of RFC 5705 exported key > material) interoperate with middleboxes? This use of the mechanism is not > negotiated on the TLS level, so there is no extension for the middlebox to > strip that would warn the endpoints not to use exported authenticators. Are > application level proxies the only compatible middleboxes?
I'm not sure I properly understand the question, in particular what kind of middlebox you're considering. Note that application protocols will need to have some way to negotiate the use of this functionality, which presumably a middlebox could also inspect. -Ben _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
