- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Sat, 8 Mar 2014 15:45:23 +0000
- To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 8 March 2014 15:04, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote: > And I would prefer other random websites not to use connections to > other websites with extra ambient authority (nevermind that those requests > should be flaggged). Ahh, you have jumped to the conclusion regarding connection coalescing, which is good. I have text in the security considerations of the next draft that covers this. Connections with client authentication should not be coalesced, to avoid this problem. > I was thinking if the client could select the certificate before > connecting again... As for certificate selection, I don't think that we need anything more than what we already have. Today, we have zero. With this, we would have realm, and extension parameters, which I don't think that we can sensibly define anything for. --Martin
Received on Saturday, 8 March 2014 15:45:50 UTC