- From: Alexia Death <notifications@github.com>
- Date: Fri, 12 Jun 2026 10:07:18 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 12 June 2026 17:07:22 UTC
alexiade left a comment (whatwg/fetch#869) The core of my point was that mTLS is below web. It is below a lot of things. Its an established thing that web is using in a non-standard way and this standard is breaking the intended use. Yes, in a very classic web, it causes constant reauth. The same is true for unilateral TLS. The handshake is still there, just the unilateral variant of it, only marginally different from the bilateral. I see no objection to it in the case of unilateral TLS... so why is it a problem with bilateral TLS that adds exactly one more small step? Also, browsers have not been putting each request into separate connection for a while now, because server can set keep-alive and since HTTP/1.1 it is the default. The TCP (and TLS) connection stays open after a response instead of closing, and the browser keeps a pool of open connections per origin to reuse for later requests. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/869#issuecomment-4693470978 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/869/4693470978@github.com>
Received on Friday, 12 June 2026 17:07:22 UTC