W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

Re: FYI: proposal for client authentication in TLS

From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Date: Sat, 8 Mar 2014 17:56:48 +0200
To: Martin Thomson <martin.thomson@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20140308155648.GA19296@LK-Perkele-VII>
On Sat, Mar 08, 2014 at 03:45:23PM +0000, Martin Thomson wrote:
> On 8 March 2014 15:04, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:
> 
> > I was thinking if the client could select the certificate before
> > connecting again...
> 
> As for certificate selection, I don't think that we need anything more
> than what we already have.  Today, we have zero.  With this, we would
> have realm, and extension parameters, which I don't think that we can
> sensibly define anything for.

IIRC, for certificate selection, TLS sends DNs of acceptable certificate
authorities. Of course, that won't help with self-signed client
certificate...


-Ilari
Received on Saturday, 8 March 2014 15:57:11 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:24 UTC