Re: Client Certificates - re-opening discussion

On Fri, Sep 18, 2015 at 01:48:50PM -0700, Eric Rescorla wrote:
> On Fri, Sep 18, 2015 at 10:05 AM, Mark Nottingham <> wrote:
> > Hi Henry,
> >
> > Thanks, but this is a much more narrowly-scoped discussion -- how to make
> > client certs as they currently operate work in HTTP/2.
> Is this a question about HTTP/2's limitations versus HTTP/1.1 or about
> deficiencies
> in HTTP/1.1 that HTTP/2 has not fixed?

I think this is about the extra limitations of HTTP/2 regarding client
authentication caused by major design differences between HTTP/1.1 and

Client certs in HTTP/1.1 aren't too great, but at least those don't
seem to even remotely have the same problems as client certs in HTTP/2
(especially when in web environment).


Received on Friday, 18 September 2015 20:58:03 UTC