Re: New Version Notification for draft-nottingham-http2-encryption-00.txt from Paul Hoffman on 2013-10-07 (ietf-http-wg@w3.org from October to December 2013)

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Mon, 7 Oct 2013 08:57:57 -0700
To: Mike Bishop <Michael.Bishop@microsoft.com>
Cc: Mark Nottingham <mnot@mnot.net>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAPik8ya98OE7g6+Jygp+Xp0FiT+Q80r9HUt0kG4Pznk057UhNQ@mail.gmail.com>

If Mike's right, then the HTTP server needs to know *three* things from the
TLS layer:
1) Whether or not the client authenticated
2) If (1) is true, whether there is a host name was in the cert's identity
3) If both (1) and (2) are true, what the host name is
That seems like a lot of unstated assumptions.

Received on Monday, 7 October 2013 15:58:24 UTC