On May 29, 2009, at 3:02 PM, Jeffrey Hutzelman wrote:
Multi-level negotiation is a bad idea.
I agree it's bad. But I think that assuming that channel-binding-type acceptable for one mechanism implies that it's acceptable for another mechanism for each of parties (server implementor/deployer, client implementor/deployer, protocol designer, etc.) which might care to make decision of acceptability is even worse.
My solution attempts to address both of these concerns. -- Kurt