On Mon, Oct 23, 2023 at 05:49:47PM +0000, Andrei Popov wrote:

> >> They could just proceed without a certificate, or return a default one, but they don't.
>
> Yes, but, arguably, such broken clients won't be fixed by adding new
> extensions/flags/etc. If they do not comply with the simple RFC
> language that exists, can we expect them to implement the new flag
> correctly?

You misunderstood. If they don't send the flag, the servers in question
simply won't request certificates. Requests will only be sent when the cert
request is *explicitly* solicited. So the broken clients *will* be fixed
by (lack of) the extension.

--
    Viktor.