- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Fri, 18 Sep 2015 23:57:34 +0300
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Mark Nottingham <mnot@mnot.net>, Henry Story <henry.story@co-operating.systems>, HTTP Working Group <ietf-http-wg@w3.org>
On Fri, Sep 18, 2015 at 01:48:50PM -0700, Eric Rescorla wrote: > On Fri, Sep 18, 2015 at 10:05 AM, Mark Nottingham <mnot@mnot.net> wrote: > > > Hi Henry, > > > > Thanks, but this is a much more narrowly-scoped discussion -- how to make > > client certs as they currently operate work in HTTP/2. > > > Is this a question about HTTP/2's limitations versus HTTP/1.1 or about > deficiencies > in HTTP/1.1 that HTTP/2 has not fixed? I think this is about the extra limitations of HTTP/2 regarding client authentication caused by major design differences between HTTP/1.1 and HTTP/2. Client certs in HTTP/1.1 aren't too great, but at least those don't seem to even remotely have the same problems as client certs in HTTP/2 (especially when in web environment). -Ilari
Received on Friday, 18 September 2015 20:58:03 UTC