W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Report on preliminary decision on TLS 1.3 and client auth

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 19 Oct 2015 15:10:17 -0700
Message-ID: <CABkgnnVeWXQ0KM+EuGrK6Nj6yuJKP6jGb51g2bN1+G_MHLcJig@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
On 23 September 2015 at 10:16, Martin Thomson <martin.thomson@gmail.com> wrote:
> Here is a summary of the applicable pieces, plus what I options it provides
> HTTP/2...

With the help of Mike Bishop [7], I've just submitted a draft that
describes option 2 in more detail, including something for TLS 1.2.

  https://tools.ietf.org/html/draft-thomson-http2-client-certs-00

I think that this is the best of all the bad options available to us.
In an ideal world, I think that I would prefer to kill this feature,
but we tried that once already and it wasn't working so well.  So we
this is plan B.

The TLS 1.2 option requires a new TLS extension.  If we think that
this is a good idea, we'll have to coordinate with the TLS working
group.

--Martin

[7] Mike is on vacation, and I did make a few changes without his
approval, so I'll have to ask forgiveness if I made a mistake...  In
other words, all the blame is mine, and the credit Mike's.
Received on Monday, 19 October 2015 22:10:45 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC