On Aug 3, 2019, at 5:53 PM, Jim Schaad <i...@augustcellars.com> wrote: > > In section 5.7 - I am not sure why one could not re-check for revocation > when doing a resumption, I would expect that this is only server side that > would do it but the current paragraph two outlaws it.
I think it's best to *always* apply authorization policies. The alternative is to allow the server to *not* check authorization policies during resumption. Which then means that the client is in charge of authorization, not the server. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu