proposal: crypto/tls: add support for exported authenticators

[tatianab]

Proposal to implement support for exported authenticators in crypto/tls as described in draft-ietf-tls-exported-authenticator-10. I'm happy to write a CL for this.

cc @grittygrease @wbl

[FiloSottile]

Hello @tatianab, this is not something we are likely to implement for the time being.

• Go likes to wait until things mature and gain enough adoption to justify their complexity, and we basically never implement draft standards.

• Before moving to a CL, we'd have to discuss what a safe and useful API looks like.

• I haven't checked the draft in a long time, but I thought the point was to leverage the RFC 5705 exporters, which we already expose via ConnectionState.ExportKeyingMaterial, allowing this entire implementation to live outside the standard library.

• crypto/tls stayed simple and robust over the years by implementing a tiny subset of the constellation of TLS features. When TLS 1.3 was new it was easy to maintain this tradition, but now that many additions are being proposed, we'll have to once again figure out what a useful minimal subset looks like.