All the examples of server USE_CERTIFICATE frames show them applying to stream 0, which I guess means they ambiently apply to the entire connection, but there isn't clear specification text describing this. The draft in general does not clearly specify the semantics and timing of a USE_CERTIFICATE frame, only alluding to problems in security considerations. (Incidentally, that section is missing an RFC6919 citation. ;-) )
Questions of server certificate scope need to further consider whether HTTP authentication is simply a property of the Host header and being willing to respond to the name, or whether the exact server certificate is relevant. In particular, it's unclear how this interacts with the tls-server-end-point channel binding, especially if the draft does not try to bind server certificates to streams. (Note that, if you do decide to bind them, the binding needs to be set before the request is sent, which makes the timing quite different from client certificates.)