- From: Adrien de Croy <adrien@qbik.com>
- Date: Tue, 09 Jun 2015 22:18:45 +0000
- To: "Martin Thomson" <martin.thomson@gmail.com>
- Cc: "Mike Bishop" <Michael.Bishop@microsoft.com>, "Yoav Nir" <ynir.ietf@gmail.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
>From an information theory POV it only carries any information if it may sometime not be sent. If it is always sent it is completely redundant and just protocol bloat and should be removed just to reduce bandwidth, if the server can't assume it means there is a cert, then we are back at the challenge. ------ Original Message ------ From: "Martin Thomson" <martin.thomson@gmail.com> To: "Adrien de Croy" <adrien@qbik.com> Cc: "Mike Bishop" <Michael.Bishop@microsoft.com>; "Yoav Nir" <ynir.ietf@gmail.com>; "HTTP Working Group" <ietf-http-wg@w3.org> Sent: 10/06/2015 10:15:42 a.m. Subject: Re: Client certificates in HTTP/2 >On 9 June 2015 at 14:34, Adrien de Croy <adrien@qbik.com> wrote: >> a) always -> let's tell every site we have a client cert > >I think that this is the only sensible option. But it wouldn't tell >sites that you have a cert, because you would send it unconditionally, >even if you didn't have a cert.
Received on Tuesday, 9 June 2015 22:21:08 UTC