On 14/12/2013 21:40, Yoav Nir wrote:
> How about having this in the security considerations:
>
> Implementers and document editors who intend to extend the
> protocol identifier registry by adding new protocol identifiers
> should consider that in TLS versions 1.2 and below the client sends
> these identifiers in the clear, and should also consider that for
> at least the next decade, it is expected that browsers would
> normally use these earlier versions of TLS in the initial
> ClientHello.
>
> Care must be taken when such identifiers may leak personally
> identifiable information, or when such leakage may lead to
> profiling, or to leaking of sensitive information. If any of these
> apply to this new protocol identifier, the extension SHOULD NOT be
> used in TLS versions 1.2 and below, and documents specifying such
> protocol identifiers SHOULD recommend against such unsafe use.

Absolutely. Much better than my wording. Less limiting, but lets them
know what they're doing by using it.

The next decade part makes me a sad panda. Realistic, but depressing.
Let's see if we can do better with TLS 1.3!

--
/akr
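
An added illustration, not part of the original message or of any draft text: a check that reads the offered protocol identifiers straight out of an unencrypted ClientHello, which is what makes the quoted consideration matter when auditing what a client exposes. It assumes the extension under discussion is ALPN (extension type 16, RFC 7301); the ClientHello bytes are constructed and `example-clinic-portal/1` is a hypothetical identifier.

```python
import struct

ALPN_EXT_TYPE = 16  # assumed: application_layer_protocol_negotiation (RFC 7301)

def build_client_hello(protocols):
    """Build a constructed, minimal TLS ClientHello record offering `protocols`."""
    plist = b"".join(bytes([len(p)]) + p for p in protocols)
    alpn = struct.pack("!HHH", ALPN_EXT_TYPE, len(plist) + 2, len(plist)) + plist
    body = (b"\x03\x03" + bytes(32)      # client_version 1.2, zeroed sample random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\xc0\x2f"        # one cipher suite
            + b"\x01\x00"                # null compression only
            + struct.pack("!H", len(alpn)) + alpn)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def alpn_in_cleartext(record):
    """Return protocol identifiers readable, without any key, from a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return []                        # not a handshake record with a ClientHello
    buf = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 34                             # skip client_version and random
    for width in (1, 2, 1):              # session_id, cipher_suites, compression
        if pos + width > len(buf):
            return []                    # truncated capture
        pos += width + int.from_bytes(buf[pos:pos + width], "big")
    if pos + 2 > len(buf):
        return []                        # no extensions present
    end = min(len(buf), pos + 2 + int.from_bytes(buf[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        data = buf[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == ALPN_EXT_TYPE:
            names, i = [], 2             # skip the 2-byte list length
            while i < len(data):
                n = data[i]
                names.append(data[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
            return names
    return []

# Constructed sample: "example-clinic-portal/1" is a hypothetical identifier,
# not a registered one, chosen to show an ID that reveals what the user is doing.
SAMPLE = build_client_hello([b"http/1.1", b"example-clinic-portal/1"])

if __name__ == "__main__":
    print(alpn_in_cleartext(SAMPLE))
```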