- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 12 Jan 2018 10:20:32 +1100
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-origin-frame@ietf.org, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
WFM, committing. Thanks, > On 12 Jan 2018, at 10:19 am, Eric Rescorla <ekr@rtfm.com> wrote: > > "present" seems too weak. You need to prove possession of the private key, not just show it. How about "authenticate with"? > > On Thu, Jan 11, 2018 at 3:16 PM, Mark Nottingham <mnot@mnot.net> wrote: > > > > On 12 Jan 2018, at 9:38 am, Eric Rescorla <ekr@rtfm.com> wrote: > > > > I am looking for text which is technically accurate. the current text is not, for any sense of "obtain". What is required here is that the server authenticate to the client with a private key that corresponds to a certificate which passes the suitable tests. That's entirely different from "obtain". > > How about: > > Original: """ > Note that for a connection to be considered authoritative for a given origin, the client is still required to obtain a certificate that passes suitable checks...""" > > Update: """ > Note that for a connection to be considered authoritative for a given origin, the server is still required to present a certificate that passes suitable checks...""" > > -- > Mark Nottingham https://www.mnot.net/ > > -- Mark Nottingham https://www.mnot.net/
Received on Thursday, 11 January 2018 23:21:03 UTC