On Wed, Jun 14, 2017 at 3:23 PM, David Benjamin <david...@chromium.org> wrote:
> That is, it is not the identity of the bytes that matters much. It's
> whether the connection has been confirmed when you perform an unsafe
> action. I believe this still satisfies the properties we want, but without
> breaking standard interfaces. Very near the TLS stack, at the point where
> the record boundary abstraction starts leaking (it's common to only give
> you back a single record on read), either API is equally easy to provide.
> The looser phrasing is needed for composition once you start going up a
> layer or two.
>

Suppose a request, or a frame, spans two different client certificate
authentication contexts (or unauthenticated, and authenticated); how is that
handled today? Or is it just forbidden?

--
Colm
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls