- From: Christopher Wood <caw@heapingbits.net>
- Date: Sat, 07 Sep 2019 16:53:35 -0700
- To: ietf-http-wg@w3.org

On Fri, Sep 6, 2019, at 10:41 AM, David Benjamin wrote:
> My original thinking was that post-handshake auth and KeyUpdate are
> relevant because they are spiritual successors of renegotiation in TLS
> 1.3. The original RFC7540 targets renegotiation, so we should say
> something about how the prohibition applies. For random other features,
> there isn't anything existing text targeting them. But saying things
> more clearly never hurts, so your replacement text SGTM too.
>
> I do think TLS should be a bit clearer on when a feature is intended to
> be transparent and behind the TLS "API" and what is meant to
> "caller-visible". Features in the latter bucket like post-handshake
> auth and early data tend to be rather messy and ought to be gated by an
> application profile, otherwise we run into problems like these.

+1!

Best,
Chris

Received on Saturday, 7 September 2019 23:54:19 UTC