On 8/30/12 12:28 PM, "Jon Callas" <[email protected]> wrote:
>On Aug 30, 2012, at 9:18 AM, Carl Wallace wrote: > >>> And for issuers, it can be difficult to predict what proportion of the >>> user population will accept a certificate chain with certain >>> characteristics. For instance, when a browser includes a nonce in an >>> OCSP request but the server supplies a >>> response that does not include the nonce, it is hard to know which >>> browsers will accept and which will reject the response. >>> >>> >>> >> >> Is client authentication processing performed by web servers in scope? >>If >> not, explicitly push that out of scope. > >It would be nice if it were in scope. Client authorization is a vastly >under-used feature. > >I wouldn't want to endanger everything else over it, but if we keep >sweeping it under the rug, it will continue to languish. I agree and would like to see it stay in scope as well. _______________________________________________ wpkops mailing list [email protected] https://www.ietf.org/mailman/listinfo/wpkops
