- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Wed, 22 Oct 2014 16:59:42 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 22/10/14 16:09, Martin Thomson wrote: > On 22 October 2014 07:10, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: >> - section 2: I don't like the auth scheme name - this >> should work without X.509. I'd suggest "TLSClientAuth" >> would be a better thing to use. > > I was aiming for a tight scope, clearly you would like to expand this. > I'm not fundamentally opposed to that, but it's a lot more work. Well, not necessarily a lot, but sure I guess it might make most sense to see what'll be needed so that HTTP/2.0+TLS1.3 can do at least as well as but hopefully better than the kind(s) of client auth possible with HTTP/1.1+TLS1.2. And then do that. I suspect the embedded/small-devices might make a non-X.509 based approach worthwhile though. S.
Received on Wednesday, 22 October 2014 16:00:13 UTC