On Wed, Jul 8, 2020 at 2:36 AM Daiki Ueno <du...@redhat.com> wrote: > > Martin Thomson <m...@mozilla.com> writes: > > > I think that we considered this when we first landed this code, but > > deferred adding any callbacks until it was clear what the right answer > > was. As you say, you get the callback, but you might not if the > > request is rejected. > > I think that is about the server side. On the client side, it seems > even harder to detect the completion, because there will be no > indication of acceptance until the next application data is sent.
Fair point, but we have never had a way to indicate that you consider your peer to be authenticated as "X". It's down to individual authorization decisions to reflect whatever opinion you have formed. For instance, a 403 response in HTTP might provide some more information. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto