- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Sat, 8 Mar 2014 14:13:45 +0000
- To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>

On 8 March 2014 12:43, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:
> - Reference to RFC 5764 (which is some DTLS extension). Did you mean
> RFC 6347 (DTLS 1.2)?

Yes. I got my numbers mixed up.

> - "[...]need to authenticate can initial renegotiation, [...]".
> That sounds odd, should it be "initial" or "initiate"?

"initiate"

> - Under what circumstances server ignores the extension even if it
> is supported?

When it doesn't want to authenticate. Maybe it's under DoS attack. Who knows, that's their business.

> Some points:
> - If the client has other active streams there, away might not be
> appropriate.

I don't know what you mean here.

> - The 401 www-authenticate header value might contain some information
> about acceptable client certificates (similarly to TLS
> CertificateRequest), so the client can pick appropriate certificate
> before initiating new connection.

Yes. That's probably "realm". But the intent is not to define how a client might select an appropriate certificate. The CertificateRequest contains some info too.

> - The proper client certificate might have been issued by the server
> or service provider. Or even be self-signed[1].

As above.

Received on Saturday, 8 March 2014 14:14:13 UTC