I am looking for text which is technically accurate. the current text is not, for any sense of "obtain". What is required here is that the server authenticate to the client with a private key that corresponds to a certificate which passes the suitable tests. That's entirely different from "obtain". -Ekr On Thu, Jan 11, 2018 at 2:28 PM, Mark Nottingham <mnot@mnot.net> wrote: > > > > On 11 Jan 2018, at 9:56 am, Eric Rescorla <ekr@rtfm.com> wrote: > > > > > > Note that for a connection to be considered authoritative for a > given > > > > origin, the client is still required to obtain a certificate that > > > > passes suitable checks; see [RFC7540] Section 9.1.1 for more > > > > "Obtain" seems confusing here. Perhaps "the server is still required > to > > > > authenticate using" > > > > > > Could you please provide complete text? This section has been agonised > over a fair amount. > > > > > > I would say: > > > > > > " A connection MUST NOT be considered authoritative for a given origin > unless the > > > server has authenticated to the client using a certificate that would > have been acceptable > > > for that origin; see ...." > > > > That makes it a requirement, which repeats one already in 7540. We try > to avoid repeating requirements of other specs, since any deviation in > wording or context can cause conflicting interpretations. > > > > Well, then I'm not quite sure what you're looking for here. > > *scratches head* > > I'm happy to ship the doc as-is; what are you looking for? > > > > -- > Mark Nottingham https://www.mnot.net/ > >
Received on Thursday, 11 January 2018 22:39:29 UTC