It's fairly tricky to negotiate cryptographic protection.
For the encryption negotiation, I don't see how the transport gets
switched from encrypted to non-encrypted in mid-stream. How can you
switch from a non-SSL connection to an SSL connection during negotiation,
for example? Wouldn't you have to start all over again, repeating
everything that led up to the discovery that the two sides needed
a particular protection suite? Do they also negotiate the authentication
requirements?
The closest I'd seen to any discussion of this was early on, and the
notion was that if you were already using SSL you might decide during
negotiation that the transport had already established a sufficient
degree of security and accept it. What of that case?
I think that the IESG may take issue with the idea that the extensions
can change anything, including the syntax. It would seem difficult
to analyze an implementation for correctness given such wide latitude
in dynamic behavior.
Hilarie