I don't think it's possible to go one API / method at a time. If we want
to turn on a feature by default, it has to either be non-backwards
compatible or not break any existing API.
This is a problem for Trust Expressions because exposing the TLS
certificate to the application is a major part of pretty much all
existing library APIs and the library doesn't know what the application
is going to enforce (or expect) about those certificates. This makes it
hard (impossible?) for Trust Expressions to accurately convey the
application's policy or to be used to experiment with the certificate
format.
Best,
Dennis
On 23/07/2024 09:41, Salz, Rich wrote:
> I agree that I didn’t provide a comprehensive answer, only that it was
> possible, perhaps one API at a time. So maybe that addresses many
> legacy apps.
> But you are totally right that the surface area is MUCH bigger than that.
_______________________________________________
TLS mailing list -- tls@ietf.org