Re: Report on preliminary decision on TLS 1.3 and client auth from Martin Thomson on 2015-10-20 (ietf-http-wg@w3.org from October to December 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 20 Oct 2015 11:10:31 -0700
To: "Jason T. Greene" <jason.greene@redhat.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnVhYrodst7OMLGsyebLYXqF+S2qF+aaJiQx28xrAZ-a7w@mail.gmail.com>

On 20 October 2015 at 05:31, Jason T. Greene <jason.greene@redhat.com> wrote:
> Wouldn't the semantics be a hell of a lot cleaner, and implementations a lot simpler, if we just pushed this to an HTTP cert auth protocol?

Yes, yes it would.  A better authentication mechanism might be better
still.  But that would be a new protocol.  We have plenty of evidence
to suggest that a new protocol would not be acceptable.  As I said, we
are already at plan B.

Received on Tuesday, 20 October 2015 18:11:00 UTC