
Re: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Thu, 12 Dec 2013 11:14:52 -0800
Message-ID: <CAPik8yaTjfpW_QLgABBTDqcQsqK6mkwRoo-PYHsoEAyn8OQQ=g@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Dec 11, 2013 at 8:52 PM, Mark Nottingham <mnot@mnot.net> wrote:

> One possible use is that the server may want/need to know whether or not
> the client is validating the cert; e.g., a bank.

1) In what scenarios that are similar to what we have today does a server
want/need to know that the client validated the cert? In your "a bank"
example, assume that the user removed the WhizzyCA root from the browser's
pile, the bank chains up to WhizzyCA, and the user clicked through the "do
you really want to do this" warning from his browser. How does that server
know that?

2) Are there other possible uses?

--Paul Hoffman
Received on Thursday, 12 December 2013 19:15:19 UTC
