On just one narrow point... On Mon, Jan 14, 2019 at 02:28:59PM -0700, Brian Campbell wrote: > > I will say that, in addition to the folks that have pointed out that > renegotiation just isn't possible in some cases, my experience trying to do > something like that in the past was not particularly successful or > encouraging. That could have been my fault, of course, but still seems a > relevant data point. I also have my doubts about the actual difficulty of
Also, the TLS folks get sad when we come up with new applications of renegotiation -- its removal from TLS 1.3 made many people happy. -Ben > getting an AS to issue a 307 like response for requests based on the > calling client and the likelihood that some/all OAuth client software would > handle it appropriately. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
