Perhaps, but it still behooves us to warn implementors that a significant percentage of enterprise traffic will break with this mechanism.
> On May 9, 2018, at 3:39 AM, Martin Thomson <martin.thom...@gmail.com> wrote:
>
> This isn't really a security consideration though, it's a truism. A MitM can break things that depend on end-to-end integrity of the connection.
>
> On Wed, May 9, 2018 at 11:25 AM Roelof duToit <r@nerd.ninja> wrote:
>
>> If the use of the mechanism is not negotiated on the TLS level then I would appreciate it if the “Security Considerations” section of the draft could be amended to include a paragraph that warns potential implementors that protocol-agnostic middleboxes will break the mechanism without any clear failure indicators.
>>
>>> On May 8, 2018, at 8:13 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
>>>
>>> On Wed, May 9, 2018 at 2:20 AM Roelof duToit <r@nerd.ninja> wrote:
>>>
>>>> I understand that there is not really anything to negotiate per se, but would it not be prudent to add a TLS extension to negotiate support for exported-authenticator in the TLS layer prior to using it in the application layer?
>>>
>>> We don't signal the potential need for exporters. I see no reason to signal this either. Any signaling necessary really belongs at the higher layer.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
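The failure mode the thread describes, as an added illustration that is not part of the mailing-list exchange and not the draft's own code: a TLS-terminating middlebox splits one connection into two, so the exporter value the server derives for its authenticator is not the one the client derives, and the client's verification fails at the application layer while TLS itself reports nothing. The exporter derivation below follows RFC 8446 (HKDF-Expand-Label and TLS-Exporter with SHA-256); the "authenticator" is a simplified HMAC stand-in for the draft's signature-based construction, and the label, secrets and request bytes are constructed for the example.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand using HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.1 HKDF-Expand-Label: HkdfLabel = length || "tls13 "+label || context."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def tls_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.5: HKDF-Expand-Label(Derive-Secret(S, label, ""), "exporter", Hash(context), length)."""
    derived = hkdf_expand_label(exporter_master_secret, label, HASH(b"").digest(), HASH_LEN)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)


class TlsSession:
    """Stand-in for one TLS 1.3 connection: both of its endpoints hold the same exporter_master_secret."""

    def __init__(self) -> None:
        self.exporter_master_secret = os.urandom(HASH_LEN)  # constructed, not a real handshake output


# Constructed label for this model; the real draft defines its own labels and a signature-based authenticator.
AUTH_LABEL = b"EXPORTER-authenticator-model"


def make_authenticator(session: TlsSession, request: bytes) -> bytes:
    """Authenticating side: derive a key from the connection's exporter and MAC the request."""
    key = tls_exporter(session.exporter_master_secret, AUTH_LABEL, request, HASH_LEN)
    return hmac.new(key, request, HASH).digest()


def verify_authenticator(session: TlsSession, request: bytes, tag: bytes) -> bool:
    """Verifying side: recompute from its own connection's exporter; only a shared secret verifies."""
    key = tls_exporter(session.exporter_master_secret, AUTH_LABEL, request, HASH_LEN)
    return hmac.compare_digest(hmac.new(key, request, HASH).digest(), tag)


REQUEST = b"authenticator request (constructed application-layer bytes)"


def end_to_end() -> bool:
    """Client and server share one connection, so exporter values agree and verification succeeds."""
    session = TlsSession()
    tag = make_authenticator(session, REQUEST)
    return verify_authenticator(session, REQUEST, tag)


def through_middlebox() -> bool:
    """A protocol-agnostic TLS-terminating middlebox creates two connections with unrelated secrets.
    It relays the application bytes unchanged; TLS raises no alert, but the client's verification fails."""
    client_to_middlebox = TlsSession()
    middlebox_to_server = TlsSession()
    tag = make_authenticator(middlebox_to_server, REQUEST)   # server computes over its own connection
    relayed_request, relayed_tag = REQUEST, tag                # middlebox forwards bytes verbatim
    return verify_authenticator(client_to_middlebox, relayed_request, relayed_tag)


if __name__ == "__main__":
    print("end-to-end verifies:", end_to_end())          # True
    print("through middlebox verifies:", through_middlebox())  # False, with no TLS-level error
```

The only signal the client gets in the middlebox case is a failed verification of application-layer data, which is the "no clear failure indicator" the thread is concerned about; a deployment that wants to distinguish this from a genuine forgery has to log the verification failure alongside the connection's peer certificate so that an interposed certificate is visible in the record.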