On Mon, Oct 28, 2019 at 12:48 PM Salz, Rich <rs...@akamai.com> wrote:

> Sorry for jumping into this late.
>
> Client <--> proxy <--> backend
>
> The C/P side is protected by TLS.  There must be similar protection on the
> P/B side, such as client-cert, or a signature over the certificate being
> forwarded, right?
>

To avoid the misconfiguration issue Neil raised, you probably need both: a
client-cert *and* a signature over the certificate being forwarded.
This could still be achieved by extending RFC7239 with new parameter(s).

Regards,
 Rifaat

> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
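
The two checks discussed in this message, sketched from the backend's side as an added example (not code from the thread or from any draft). The `cert` and `sig` Forwarded parameters, the proxy identity and the key are hypothetical, and HMAC-SHA256 under a key shared by proxy and backend stands in for the signature.

```python
import base64, hashlib, hmac

# Hypothetical names: the "cert"/"sig" parameters, proxy identity and key
# are constructed for this example; RFC 7239 defines neither parameter.
# HMAC-SHA256 under a proxy/backend shared key stands in for the signature.
TRUSTED_PROXY_IDS = {"proxy.internal.example"}
SHARED_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def sign_forwarded_cert(cert_der, key=SHARED_KEY):
    """Proxy side: build one Forwarded element carrying cert and signature."""
    sig = hmac.new(key, cert_der, hashlib.sha256).digest()
    return f'for=192.0.2.43;cert="{_b64(cert_der)}";sig="{_b64(sig)}"'

def parse_forwarded(value):
    """Split a single forwarded-element into {lowercased name: value}."""
    params = {}
    for pair in value.split(";"):
        name, _, val = pair.strip().partition("=")
        params[name.lower()] = val.strip('"')
    return params

def accept_forwarded_cert(header, mtls_peer_id, key=SHARED_KEY):
    """Backend side: return the forwarded cert bytes, or None if rejected."""
    # Check 1: the P/B hop itself was authenticated with the proxy's client-cert.
    if mtls_peer_id not in TRUSTED_PROXY_IDS:
        return None
    params = parse_forwarded(header)
    try:
        cert_der = base64.urlsafe_b64decode(params["cert"])
        sig = base64.urlsafe_b64decode(params["sig"])
    except (KeyError, ValueError):
        return None
    # Check 2: the forwarded certificate carries a valid signature.
    expected = hmac.new(key, cert_der, hashlib.sha256).digest()
    return cert_der if hmac.compare_digest(sig, expected) else None

if __name__ == "__main__":
    hdr = sign_forwarded_cert(b"constructed-client-cert-der")
    print(accept_forwarded_cert(hdr, "proxy.internal.example"))
    print(accept_forwarded_cert(hdr, None))
```

`mtls_peer_id` is whatever identity the backend's TLS layer extracted from the proxy's verified client certificate, or `None` when the connection presented none.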