> The mechanism it fixes (the browser's special downgrade of TLS) is not an > IETF protocol, nor related to the TLS WG. Making this a proposed standard, > would imply that the flawed technique is into standards track. I believe that > this text should be informational. I disagree. Just because it addresses one common behavior, defining semantics for a client to say "I tried better, this is what I have now" and the related server semantics is a very good thing. It keeps the client/server interaction stateless (well on the server side) across multiple connections. -- Principal Security Engineer, Akamai Technologies IM: rsalz@xxxxxxxxx Twitter: RichSalz