Re: Report on preliminary decision on TLS 1.3 and client auth

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 22 Oct 2015 14:03:27 -0700
Message-ID: <CABkgnnXy+wOEi2vCfhVmrjyboTKBqzkUOncS==QLaMOYo5YQhA@mail.gmail.com>
To: Kyle Rose <krose@krose.org>
Cc: HTTP Working Group <ietf-http-wg@w3.org>

On 22 October 2015 at 11:11, Kyle Rose <krose@krose.org> wrote:
> The way in which this is relevant is that it would be nice to present the
> user a better error than "ssl_error_handshake_failure_alert" in the case of
> an expired or missing certificate.

That is a choice the server makes.  The server is perfectly able to
complete a handshake and then deny the HTTP request.  I know that many
do not because that's more work to do right, but it's an option.

I wouldn't interpret this as a defense of the client certificate UX in
browsers.  But I don't expect that to change significantly; our UX
people have a lot of work to do, most of it much more important than
this.
Received on Thursday, 22 October 2015 21:03:56 UTC
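
An added example, not part of the original message or of any server discussed in the thread: a Go server that requests a client certificate without failing the handshake over it, then refuses at the HTTP layer with a reason the user can read. The names `decide` and `selfSigned`, the listen address, the empty trust pool and the throwaway server certificate are assumptions for illustration. Because `tls.RequestClientCert` performs no chain validation, `decide` does it on every request, against roots only (client-sent intermediates are not consulted).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"log"
	"math/big"
	"net/http"
	"time"
)

// decide runs after the handshake and turns the certificate state into an HTTP answer.
func decide(cs *tls.ConnectionState, roots *x509.CertPool, now time.Time) (int, string) {
	if cs == nil || len(cs.PeerCertificates) == 0 {
		return http.StatusForbidden, "no client certificate was presented"
	}
	leaf := cs.PeerCertificates[0]
	if now.After(leaf.NotAfter) {
		return http.StatusForbidden, "client certificate expired on " + leaf.NotAfter.Format(time.RFC3339)
	}
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return http.StatusForbidden, "client certificate not accepted: " + err.Error()
	}
	return http.StatusOK, "client certificate accepted"
}

// selfSigned builds a throwaway certificate: constructed sample input, not a real credential.
func selfSigned(notAfter time.Time) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notAfter.Add(-time.Hour), NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

func main() {
	roots := x509.NewCertPool() // assumption: the operator adds the client CA certificates here
	srv := &http.Server{Addr: "127.0.0.1:8443", TLSConfig: &tls.Config{
		ClientAuth:   tls.RequestClientCert, // ask for a certificate, never abort the handshake over it
		Certificates: []tls.Certificate{selfSigned(time.Now().Add(24 * time.Hour))}}}
	srv.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		code, why := decide(r.TLS, roots, time.Now())
		http.Error(w, why, code)
	})
	log.Fatal(srv.ListenAndServeTLS("", ""))
}
```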
