- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 12 Dec 2013 15:52:22 +1100
- To: Paul Hoffman <paul.hoffman@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Yep, that's been discussed a few times, it's an open question. One possible use is that the server may want/need to know whether or not the client is validating the cert; e.g., a bank. Cheers, On 12 Dec 2013, at 2:04 pm, Paul Hoffman <paul.hoffman@gmail.com> wrote: > I'm still confused about "h2r". Why is the server offering this as something different than "h2t"? That is, if it is the client's choice whether or not to authenticate the server, why do you have this as something the server is offering? > > --Paul Hoffman -- Mark Nottingham http://www.mnot.net/
Received on Thursday, 12 December 2013 04:52:52 UTC