Andrei Popov wrote:
> Hi Ilari,
>
>> What sort of usecase you have in mind for this?
>
> This is to support a fairly common website design where the landing
> page does not require client auth, but subsequent request to a
> protected resource triggers client authentication within an existing
> TLS connection.
>
> In TLS<=1.2, this was accomplished via renegotiation. In TLS1.3,
> there is no renegotiation, so we need an alternative solution if we
> want to support these existing sites over TLS1.3.

While this might have been the structure of a few legacy sites,
this will meet the axe long before TLSv1.3 is done, because
HTTP/2 prohibits renegotiation with TLSv1.2 as well.

R.I.P. renegotiation.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls