We should clearly GREASE proof_type so that TA negotiation does not ossify.
SubjectType is not negotiated separately, so no GREASE is required, cf #7
RPs must ignore unknown claims in an assertion, so it seems to be a good candidate for grease. However, do we really have flexibility in claims to begin with? For instance, suppose we do not support IP ranges (#9) in the first version, but add it later on. How would the server know it can send an assertion with a range?
If we add extensions to TLSSubjectInfo #38, we should GREASE them.
Where should we add some GREASE?
proof_type
so that TA negotiation does not ossify.