On Aug 30, 2012, at 9:18 AM, Carl Wallace wrote:
>> And for issuers, it can be difficult to predict what proportion of the
>> user population will accept a certificate chain with certain
>> characteristics. For instance, when a browser includes a nonce in an
>> OCSP request but the server supplies a
>> response that does not include the nonce, it is hard to know which
>> browsers will accept and which will reject the response.
>>
>>
>>
>
> Is client authentication processing performed by web servers in scope? If
> not, explicitly push that out of scope.
It would be nice if it were in scope. Client authorization is a vastly
under-used feature.
I wouldn't want to endanger everything else over it, but if we keep sweeping it
under the rug, it will continue to languish.
Jon
_______________________________________________
wpkops mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/wpkops
