- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 16 Dec 2014 13:57:54 -0800
- To: Kent Watsen <kwatsen@juniper.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 16 December 2014 at 13:31, Kent Watsen <kwatsen@juniper.net> wrote: > First off, the RESTCONF draft desperately needs this to be an RFC - any > chance of that happening soon? Feel free to make that statement here: ietf-http-wg@w3.org They are currently paying more attention to other things. If you want to lend a hand, I'm sure that we can move it faster. (open issues: https://github.com/martinthomson/drafts/labels/http-cant) > Secondly, if not using the "Authorization" request header field, how is it > that the client-certificate is passed into the app biz logic on the HTTP > server? It looks like Apache and NGINX have proprietary mechanisms to > pass the client-cert via the environment and/or headers. Should this > draft define something standard, for interop rasons, or is this considered > an internal app issue? It varies, a lot. And I haven't seen any indication that vendors of those containers want to standardize on an API. So I don't expect this to change.
Received on Tuesday, 16 December 2014 21:58:20 UTC