Mike Bishop wrote:
>
> That means we now have a proposal for carrying both client and server
> certificates above TLS, found at
> https://tools.ietf.org/html/draft-bishop-httpbis-http2-additional-certs.
>
> We have also discussed that it might be preferable to pull part of this
> capability back into TLS,

You are facing a MUST NOT in rfc6066 for this particularly bad idea.
I'm currently wondering what kind of (weird) TLS session caching
strategy would actually allow you to create such client or server
behaviour. You're definitely in severe conflict with the "principle
of least surprise" in respect to deterministic behaviour of your
TLS clients and TLS servers.

-Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls