The purpose of the TLS feature extension is to prevent downgrade
attacks that are not otherwise prevented by the TLS protocol. In
particular, the TLS feature extension may be used to mandate support
for revocation checking features in the TLS protocol such as OCSP
stapling. Informing clients that an OCSP status response will always
be stapled permits an immediate failure in the case that the response
is not stapled. This in turn prevents a denial of service attack that
might otherwise be possible.
Working Group Summary
This is not a WG document but has been discussed on the TLS
list and (so I'm told) has support from browser implementers
and other implementers.
The document is short and clear. I'm not clear on current
implementation status but have been asked a number of
times about it's status by implementers who want this.
Sean Turner is the document shepherd. Stephen Farrell is the
Please note that up until the -09 version the draft had value 24 for
what is documented as TBD2 in -10 for id-pe-tlsfeature.
If IANA choose to allocate that value for this that might save some
trouble for someone later. The value chosen for TBD1 doesn't matter