On Fri, Sep 22, 2017 at 9:15 PM, Martin Thomson wrote:
> On Fri, Sep 15, 2017 at 8:42 AM, Jeffrey Walton wrote:
>> The current model uses origins as a boundary, so they are different
>> security contexts.
>
> That's not relevant here. A certificate allows a server to speak for
> multiple origin
On Fri, Sep 15, 2017 at 8:42 AM, Jeffrey Walton wrote:
> The current model uses origins as a boundary, so they are different
> security contexts.
That's not relevant here. A certificate allows a server to speak for
multiple origins. The notion of an origin is, as you say, established
at a high
On Thu, Sep 14, 2017 at 6:42 PM Jeffrey Walton wrote:
> To play devil's advocate, will the TLS stack need to keep a copy of
> the certificate or authorized origins (an origin group?) for future
> connections?
Implementations that don't retain enough information for it can always just
not offer
On Wed, Sep 13, 2017 at 5:57 PM, Victor Vasiliev wrote:
> Currently, TLS 1.3 specification forbids resuming the session if SNI values
> do not match. This is inefficient in multiple cases, for example, if you
> have a wildcard domain cert, and the user is likely to visit multiple
> subdomains ove