On Tue, Oct 24, 2023 at 04:11:53PM +0000, Andrei Popov wrote:

> > At least as a client, you can't read anything into seeing a cert request 
> > from the server, it's just a standard part of the handshake, like a keyex 
> > or a finished.
>
> This is exactly my argument: when a client receives a cert request the
> client cannot satisfy, the RFC says send an empty Certificate and
> continue with the handshake...

Sadly, that's not what actually reliably happens in practice, or at
least that was the case when I last looked.

Perhaps all the guilty TLS stacks were fixed in the meantime?  I am not
well placed to determine how much "friction" remains.

-- 
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
