4.5.2 Post-Handshake Authentication notes that if a client receives multiple CertificateRequests, it can reply to them in a different order than they were received. By my reading of the text, the client is still "obligated" to respond to all of them (but the server has to be able to receive an arbitrary number of messages before it gets back the response, so it's kind of a weak obligation). Would we want to weaken the restriction so that the client is only obligated to reply to at least one, similarly to how a peer can coalesce multiple KeyUpdate requests? I understand that the setup is somewhat different, since the CertificateRequest comes with a context and could correspond to different application-level needs, but it seemed worth mentioning, since, as we have discussed before, generating the Finished message comes with some burden of handshake buffering/hash forking/etc.
-Ben
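The server-side bookkeeping this discussion implies, as an added illustration (not code from the post or from any TLS implementation): a tracker that issues connection-unique certificate_request_context values, matches client Certificate replies by context rather than by arrival order, rejects unknown or repeated contexts, and reports which requests are still unanswered. Message formats are simplified to (context, certificate bytes); the purpose labels are constructed sample values.

```python
"""Track outstanding TLS 1.3 post-handshake CertificateRequests on the server.

Replies may arrive in any order, so the context is the only reliable key.
An empty certificate list is a valid reply meaning the client declined.
"""
import os
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class PostHandshakeAuthTracker:
    pending: Dict[bytes, str] = field(default_factory=dict)   # ctx -> purpose
    answered: Dict[bytes, bytes] = field(default_factory=dict)  # ctx -> cert

    def new_request(self, purpose: str, ctx_len: int = 16) -> bytes:
        """Issue a CertificateRequest with a fresh, never-reused context."""
        while True:
            ctx = os.urandom(ctx_len)
            if ctx not in self.pending and ctx not in self.answered:
                break
        self.pending[ctx] = purpose
        return ctx

    def on_certificate(self, ctx: bytes, cert_list: bytes) -> str:
        """Match a client Certificate message to the request it answers.

        Any number of other messages may have arrived in between, so the
        lookup is by context. A context that is unknown, or one that has
        already been answered, is a protocol violation the server should
        treat as a fatal error rather than silently accept.
        """
        if ctx in self.answered:
            raise ValueError("duplicate certificate_request_context")
        if ctx not in self.pending:
            raise ValueError("unknown certificate_request_context")
        purpose = self.pending.pop(ctx)
        self.answered[ctx] = cert_list
        return purpose

    def declined(self, ctx: bytes) -> bool:
        """True if the client answered this request with an empty cert list."""
        return ctx in self.answered and self.answered[ctx] == b""

    def outstanding(self) -> List[str]:
        """Purposes of requests the client has not yet answered."""
        return list(self.pending.values())
```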
TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls