On Apr 6, 2017 4:08 AM, "Fries, Steffen" <steffen.fr...@siemens.com> wrote:
> You are right, I did not take that option into account. But as you mentioned, it is non-standard, and with the desire to be as interoperable as possible, proprietary enhancements are likely not to be favored.

From a security standards perspective, interoperability by-default is expressly *undesirable* for this mode of operation. We want this to break for anyone who hasn't gone through the trouble of explicitly opting-in.

This seems to be a perfect case for the "allow registration of code points, but do not standardize or recommend" approach: the mechanism is possible to implement in a way that respects IANA namespacing by those parties with special needs requiring it, but the risk that someone will accidentally implement it in a stack used in end-user software is minimal.

Kyle
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls