- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 25 Sep 2015 17:20:23 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- cc: Yoav Nir <ynir.ietf@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
--------
In message <CABkgnnXDVDp1DPDBkWiOJm82WZXHnsJOpk95NPY1ccHUQ+RYiw@mail.gmail.com>, Martin Thomson writes:
>On 25 September 2015 at 03:14, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>> What I tried to say above is that we don't know which cookie
>> identifies the session.
>
>[...]
>
>What I neglected to mention earlier is that client certificate
>mechanism that was being added was viewed more as a necessary evil
>than an important feature. No one liked having to do this, but as
>Mark pointed out, there are far more people relying on having the
>functionality than we previously thought.

I think in the current climate, we have a lot of latitude for
doing things right, and telling people why they should migrate to
something safer, so we should seriously consider skipping the
workarounds and aim for something that will hold up well under
pressure.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 25 September 2015 17:20:52 UTC