On Mon, Oct 23, 2023 at 10:40 AM Andrei Popov <Andrei.Popov= 40microsoft....@dmarc.ietf.org> wrote:
> The use-case is not very clear to me: when is the decision whether to
> authenticate a client or not based on the availability of a pre-configured
> client certificate?
>
> If the client says they have a pre-configured cert, the server
> authenticates them; otherwise, the connection succeeds without client auth
> (and, presumably, the server returns a different response at the
> application layer)?
>

It looked to me like it's intended for mTLS behind a front-end server, not really the open internet. But, the draft is very brief and I'm not sure. Something like this: <https://linkerd.io/2.14/features/automatic-mtls/>

So, if you're operating a front-end server, you might not require a client certificate from external clients, but you would for the internal clients.

thanks,
Rob
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls