- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 1 Apr 2014 10:56:04 -0700
- To: Yoav Nir <ynir.ietf@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 1 April 2014 04:02, Yoav Nir <ynir.ietf@gmail.com> wrote: > #1 is not a bad option. It’s not pretty, but just the fact that it’s written > down puts it ahead (process-wise) of the others. > > The TLS working group is considering getting rid of renegotiation for TLS > 1.3, because few use it except for client authentication in HTTPS. Going > with option #2 leaves us with all of the complexity. I’d rather we didn’t go > there. This is why #1 perhaps has the edge on #2. If we consider the possibility that renegotiation could be impossible in TLS 1.3, then a new connection is the only real option. Either that or something RFC 5705-based, like #4. As Patrick infers, I'm not that keen on #1. But I do want a solution.
Received on Tuesday, 1 April 2014 17:56:31 UTC