Tony Finch wrote: > Martin Rex <[email protected]> wrote: > > > > Or the server will have to be able to request from its TLS stack > > that the TLS session is established without any certificate > > path validation, and the app itself will have to sort out the > > mess all by itself, from an unverified client cert chain emitted by TLS. > > But that will require a lot of messy cert processing details > > in an apps spec, and may require changes to deployed TLS implementations > > before it can be used. > > These worries don't seem to cause significant problems in practice.
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf agreed, just a minor problem .... unless you care about security in any way. -Martin _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
