Re: Client certificates in HTTP/2

>From an information theory POV it only carries any information if it may 
sometime not be sent.  If it is always sent it is completely redundant 
and just protocol bloat and should be removed just to reduce bandwidth, 
if the server can't assume it means there is a cert, then we are back at 
the challenge.


------ Original Message ------
From: "Martin Thomson" <martin.thomson@gmail.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Mike Bishop" <Michael.Bishop@microsoft.com>; "Yoav Nir" 
<ynir.ietf@gmail.com>; "HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 10/06/2015 10:15:42 a.m.
Subject: Re: Client certificates in HTTP/2

>On 9 June 2015 at 14:34, Adrien de Croy <adrien@qbik.com> wrote:
>>  a) always -> let's tell every site we have a client cert
>
>I think that this is the only sensible option.  But it wouldn't tell
>sites that you have a cert, because you would send it unconditionally,
>even if you didn't have a cert.

Received on Tuesday, 9 June 2015 22:21:08 UTC