Re: [TLS] Review of PR #209
Martin Thomson <martin.thomson@gmail.com> Wed, 16 September 2015 17:30 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/IXMg734_IFXGavWJEwzSg2gD-G0>
On 15 September 2015 at 17:42, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
> That's why instead I say the client should send the ticket and if it turns out insufficient, the client will get a CertificateRequest :).

I'm not sure about this. Some servers are built with the expectation that clients who need to authenticate have done so. After all, not all CertificateRequests result in Certificates being sent (i.e., some are empty).