W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Report on preliminary decision on TLS 1.3 and client auth

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 20 Oct 2015 11:10:31 -0700
Message-ID: <CABkgnnVhYrodst7OMLGsyebLYXqF+S2qF+aaJiQx28xrAZ-a7w@mail.gmail.com>
To: "Jason T. Greene" <jason.greene@redhat.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 20 October 2015 at 05:31, Jason T. Greene <jason.greene@redhat.com> wrote:
> Wouldn't the semantics be a hell of a lot cleaner, and implementations a lot simpler, if we just pushed this to an HTTP cert auth protocol?

Yes, yes it would.  A better authentication mechanism might be better
still.  But that would be a new protocol.  We have plenty of evidence
to suggest that a new protocol would not be acceptable.  As I said, we
are already at plan B.
Received on Tuesday, 20 October 2015 18:11:00 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC