> Which leaves open the question (in my mind) as to whether to require this: > > "Both end points must authenticate each other."
Keep in mind that the client side was deliberately crippled in browsers for privacy reasons. Support used to be much better—you could transparently created a client certificate which would automatically be used for future TLS handshakes. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
