On Tue, Jun 14, 2022 at 11:14 PM Phillip Hallam-Baker <[email protected]> wrote: > > Hmm... looks like this is a piece of brokenness in the browsers.
I don't think client certs are a priority for Browsers. That would significantly hinder support of interception, which is a browser design goal under Priority of Constituencies [1]. Browsers see interception as a valid use case for DLP programs. Instead of client certificates (and Origin Bound Certificates), the browsers prefer transport schemes so traffic can be intercepted like FIDO and token binding gear. (The open question for me is, how does a browser tell "good" interception from a "good" guy opposed to "bad" interception from a bad guy). Jeff [1] https://w3ctag.github.io/design-principles/#priority-of-constituencies _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
