Yes, I think so. Cheers,
Andrei From: Eric Rescorla [mailto:e...@rtfm.com] Sent: Saturday, September 3, 2016 4:07 PM To: Andrei Popov <andrei.po...@microsoft.com> Cc: tls@ietf.org Subject: Re: [TLS] PR #624: Remove Supplemental Auth from TLS 1.3 Thanks for flagging this. Looks like it can just go right before Certificate in the client's second flight... -Ekr On Sat, Sep 3, 2016 at 2:44 PM, Andrei Popov <andrei.po...@microsoft.com<mailto:andrei.po...@microsoft.com>> wrote: Hi Eric, MS TLS stack uses the user_mapping extension (to map TLS clients to Windows domain users). We do not implement client/server_authz. Cheers, Andrei From: TLS [mailto:tls-boun...@ietf.org<mailto:tls-boun...@ietf.org>] On Behalf Of Eric Rescorla Sent: Saturday, September 3, 2016 12:54 PM To: tls@ietf.org<mailto:tls@ietf.org> Subject: [TLS] PR #624: Remove Supplemental Auth from TLS 1.3 https://github.com/tlswg/tls13-spec/pull/624 We currently have code points assigned for user_mapping [RFC4681] client_authz [RFC5878] server_authz [RFC5878] These aren't well-specified for use in TLS 1.3 and my sense is that they are barely used. Any objections to just banning them? If not, I'll merge this PR end of next week. -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
