On Wed, Jan 27, 2010 at 1:05 AM, Martin Rex <mrex@xxxxxxx> wrote:
>> <aside>That's been the standard for PKIX RFCs for at least ten years
>> (actively acknowledged by WG members), although perhaps its spread
>> to other groups should be discouraged.</aside>
>
> I fully agree.
>
> That may be attributed to the fact that a large part of PKIX is dealing
> with policy issues with the objective to prevent/prohibit interoperability.

On the contrary. I believe allowing the sending of both SCSV and
extension might harm interoperability instead. Consider the case where most
popular client implementations send both SCSV and extension (it's
easier to do so). A developer of a server might then consider checking only
for SCSV (since all of the popular ones he tested with send both). Thus
interoperability with less popular clients that only send the extension stops.

This scenario might not be very likely, but issues of this kind were not
rare in TLS for quite a long time :)

best regards,
Nikos
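
The server-side check discussed in the message above, as an added example that is not part of the original mail or of any TLS implementation: it parses a ClientHello body and reports the SCSV and the renegotiation_info extension separately, so the SCSV-only shortcut can be compared with a check that accepts either signal. The code points are those of RFC 5746; the function names and the sample ClientHello builder are assumptions made for illustration.

```python
import struct

SCSV = 0x00FF                    # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEGOTIATION_INFO = 0xFF01  # renegotiation_info extension type (RFC 5746)


def build_client_hello(suites, extensions):
    """Constructed sample input: a ClientHello body (no record/handshake header)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"      # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                           # one compression method: null
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return body


def renegotiation_signals(body):
    """Return (has_scsv, has_extension); truncated input raises an exception."""
    pos = 2 + 32                                  # skip version and random
    pos += 1 + body[pos]                          # skip session_id
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    suites = struct.unpack_from("!%dH" % (n // 2), body, pos)
    pos += n
    pos += 1 + body[pos]                          # skip compression methods
    has_ext = False
    if pos < len(body):                           # extensions block is optional
        (end,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end += pos
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            has_ext = has_ext or etype == EXT_RENEGOTIATION_INFO
            pos += 4 + elen
    return SCSV in suites, has_ext


def supports_secure_renegotiation(body):
    """Either signal counts on an initial handshake."""
    has_scsv, has_ext = renegotiation_signals(body)
    return has_scsv or has_ext


def scsv_only_check(body):
    """The shortcut from the message: passes with clients that send both signals."""
    return renegotiation_signals(body)[0]
```

A test matrix that includes an extension-only ClientHello is what exposes the shortcut; testing only against clients that send both signals does not.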