Summary: Has enough positions to pass.
Thanks for this; I just have some minor nit-level comments; no response necessary. Abstract This document updates HTTP/2 to prohibit TLS 1.3 post-handshake authentication, as an analog to existing TLS 1.2 renegotiation restriction. nit: either "restrictions" or "the existing". Section 1 TLS 1.3 [RFC8446] updates TLS 1.2 to remove renegotiation in favor of separate post-handshake authentication and key update mechanisms. The former shares the same problems with multiplexed protocols, but the prohibition in HTTP/2 only applies to TLS 1.2 renegotiation. nit: I'd suggest referring to a specific RFC rather than "HTTP/2" -- this document will in some sense become part of "HTTP/2" upon publication :) Section 3 HTTP/2 servers MUST NOT send post-handshake TLS 1.3 CertificateRequest messages. HTTP/2 clients MUST treat TLS 1.3 post- handshake authentication as a connection error (see Section 5.4.1 of [RFC7540]) of type PROTOCOL_ERROR. nit: is it the authentication or the request thereof that is the connection error? Section 4 Unless the use of a new type of TLS message depends on an interaction with the application layer protocol, that TLS message can be sent after the handshake completes. I don't see anything better to say than this, but ... will draft-ietf-tls-exported-authenticator be considered to "depend on an interaction with the application layer protocol"? (Also, nit: hyphenate "application-layer".)
** Abstract. Recommend adding a sentence to the abstract that this draft updates RFC7540.
Please update the Abstract to say something like: "This document updates RFC 7540 by forbidding TLS 1.3 post-handshake authentication." or similar. Also, thanks to Tianran for the OpsDir review.
Thank you for this document.