On Mon, Sep 21, 2015 at 07:38:45AM +0200, Karthikeyan Bhargavan wrote:
>
> In other words, if we do allow this change to client authentication,
> to be safe, we must analyze the resulting protocol *as if*
> applications will use the authentication event to attest to all data,
> past and present, that may be associated with the data in the current
> connection.

Under such an assumption, even dynamic reauth in HTTP/1.1 is unsafe. If one additionally assumes causality, dynamic reauth in non-pipelined HTTP/1.1 may be safe, but dynamic reauth in HTTP/2 (or HTTP/1.1 with pipelining) is still unsafe.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls