Looks like TLS 1.3 already allows this for CT, though not OCSP. Would take
all of four characters to fix. See this table:
https://tlswg.github.io/tls13-spec/#rfc.section.4.2

One of the nice things about using TLS-style extensions in
CertificateRequest is any ClientHello => (Server)Certificate

Any thoughts on being able to staple OCSP (or CT) data to a client cert once
requested by the server?
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
___
TLS mailing list
TLS@ietf.org