On Tue, Jan 26, 2016 at 10:32 PM Martin Thomson <martin.thom...@gmail.com>
wrote:

> On 27 January 2016 at 14:11, David Benjamin <david...@chromium.org> wrote:
> > Why do you say it's an optimization? They're exactly the same except the
> > simplified one reduces to normal 0-RTT + mid-stream CertificateRequest (a
> > combination that's possible with or without my restriction) and the
> other is
> > a brand new handshake flow to worry about.
>
> I get your point, but I don't see that as a simplification.  In my
> mind, post-handshake client authentication doesn't happen.  Or, I
> don't see it being commonplace.
>

I certainly hope it doesn't become commonplace either! :-)

But the only cases where this flow is useful (server sends non-zero
unauthenticated bytes at t=0.5 before the authenticated bytes at t=1.5) have
all the same pitfalls of mid-stream auth (specifically that the stream's
authentication switches partway through), so I don't see what avoiding
mid-stream auth is supposed to gain.

David
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls