On Aug 3, 2019, at 5:53 PM, Jim Schaad <i...@augustcellars.com> wrote:
> In section 5.7 - I am not sure why one could not re-check for revocation
> when doing a resumption, I would expect that this is only server side that
> would do it but the current paragraph two outlaws it.

  I think it's best to *always* apply authorization policies.  The alternative 
is to allow the server to *not* check authorization policies during resumption. 
 Which then means that the client is in charge of authorization, not the server.

  Alan DeKok.

Emu mailing list

Reply via email to