On Fri, Feb 18, 2022 at 04:47:09AM +0000, Kampanakis, Panos wrote:
>
> About the tlsflags, make sense. It would simplify things too. The
> impression I got from the old draft-thomson-tls-sic thread and the
> tlsflags draft was that it mandates an acknowledgement. I will
> confirm with Yoav.

The text in tlsflags looks like it mandates an acknowledgement, but I think it might be just confusing text.

Regarding actual need for acknowledgement for this flag, I think that server acknowledging it could be useful so client knows if retrying without flag could be useful or not. For the client acknowledging it, I find that much less useful.

If server proposes the extension, it better have exhaustive issuer list, be using certificates as just holders for raw public keys, or using certificate fingerprints for identification. Anything else looks like it is asking for trouble.

-Ilari