[httpwg/http-extensions] Explain identifiers better (#485)

HTTP issue updates <http-issues@ietf.org> Tue, 06 February 2018 00:30 UTC

Date: Tue, 06 Feb 2018 00:30:26 +0000
To: httpwg/http-extensions <http-extensions@noreply.github.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-issues/m1l_6-_2ThDbfrbO3ufoPu1GQfQ>

CERTIFICATE_NEEDED and USE_CERTIFICATE use different identifiers.  The potential for confusion about these is immense.

As I understand it, there is no direct need for correlation between these.  This is largely because we hope that a response (or acceptance thereof) is largely conditioned on the set of certificates available, not the way that those certificates were requested, and so correlating CERTIFICATE_NEEDED isn't important.  (In light of this, the text on confusion of clients in the description of CERTIFICATE_NEEDED is just confusing to me.)

* CERTIFICATE_NEEDED includes a Request-ID, which is also used in a CERTIFICATE_REQUEST.
* CERTIFICATE_REQUEST includes an authenticator request, which also includes the Request-ID (and some extra entropy now).
* CERTIFICATE includes a Cert-ID.  This is bound back to a CERTIFICATE_REQUEST using the contents of the authenticator itself (the exported authenticator "get context" API).
* USE_CERTIFICATE includes a Cert-ID.

Thus, it is possible to follow the process full-circle, but it is generally not necessary.  A server should determine what response it wants to provide based on the certificates it has, not on how they were requested.  The same goes for a client that is accepting a response.

Reply to this email directly or view it on GitHub:
https://github.com/httpwg/http-extensions/issues/485
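A simplified Python model of the identifier chain the comment walks through, added here as an illustration; it is not code from the issue or from the http-extensions draft. The frame layouts, the request context encoding (Request-ID plus random bytes) and the `get_context` stub are assumptions standing in for the draft's wire format and the TLS exported-authenticator API.

```python
import secrets
from dataclasses import dataclass, field

# Model of the chain: Request-ID ties CERTIFICATE_NEEDED to CERTIFICATE_REQUEST,
# the authenticator's request context ties CERTIFICATE back to that request,
# and Cert-ID ties USE_CERTIFICATE to CERTIFICATE. The context layout and
# get_context() are stand-ins (assumptions), not the draft's real encoding.
CONTEXT_LEN = 2 + 8  # 16-bit Request-ID followed by 8 bytes of fresh entropy


@dataclass
class Peer:
    requests: dict = field(default_factory=dict)  # Request-ID -> request context
    certs: dict = field(default_factory=dict)     # Cert-ID -> (Request-ID, certificate)

    def certificate_request(self, request_id: int) -> bytes:
        """Issue a CERTIFICATE_REQUEST whose context carries the Request-ID plus entropy."""
        context = request_id.to_bytes(2, "big") + secrets.token_bytes(8)
        self.requests[request_id] = context
        return context

    @staticmethod
    def get_context(authenticator: bytes) -> bytes:
        """Stand-in for the exported authenticator 'get context' API."""
        return authenticator[:CONTEXT_LEN]

    def certificate(self, cert_id: int, certificate: str, authenticator: bytes) -> int:
        """Accept a CERTIFICATE frame and bind its Cert-ID back to the Request-ID."""
        context = self.get_context(authenticator)
        request_id = int.from_bytes(context[:2], "big")
        # The binding is checked against the full context, not just the Request-ID,
        # so a stale or foreign authenticator cannot be matched to an open request.
        if self.requests.get(request_id) != context:
            raise ValueError("authenticator does not match an outstanding request")
        self.certs[cert_id] = (request_id, certificate)
        return request_id

    def use_certificate(self, cert_id: int, acceptable: set) -> bool:
        """Decide on USE_CERTIFICATE from the certificate itself, not how it was requested."""
        _request_id, certificate = self.certs[cert_id]
        return certificate in acceptable
```

The full-circle correlation is available via the returned Request-ID, but `use_certificate` deliberately ignores it, matching the point that acceptance depends on the certificate set rather than on the request path.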