Bodo Moeller <[email protected]>:
> - draft-popov-token-binding-00 uses "application protocol messages" but > doesn't say what these are. (I think this refers to TLS application data, > but TLS application data is not structured into messages. Presumably the > idea is that the TLS-style token binding protocol message be prepended to > the TLS application data stream, but the specification needs to be more > explicit about that, and probably should show a concrete example.) > Um, no. I don't actually think that. This is one of the cases where draft-popov-token-binding-00 might have to be clearer about what of it is a framework to be instantiated at a higher level, and what is concrete. (Of course, in the HTTP case, the application protocol message in question is the HTTP request, which will contain the TokenBindingMessage in the Token-Binding header field -- which arguably should be called "Token-Bindings" because the TokenBindingMessage is a sequence of TokenBinding messages.) Bodo
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
