On 08/26/2016 11:19 AM, Richard Barnes wrote: > This line of argument isn't really useful. No matter what we specify > here, clients can choose to only implement a part of the spec. (There > are TLS clients that only do RSA.) Our responsibility here isn't to > make sure that there's nothing a client can skip, it's to make sure > that a client that wants to implement the whole spec can. Agreed we can always have parts of the spec that some clients or some servers don't implement. However, the only two CAs we have heard from have said they don't intend to implement pre-auth, which means no clients will implement it. Is it worthwhile to specify behavior that no-one is going to implement?
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme