On Thu, Sep 14, 2017 at 6:42 PM Jeffrey Walton <noloa...@gmail.com> wrote:
> To play devil's advocate, will the TLS stack need to keep a copy of
> the certificate or authorized origins (an origin group?) for future
> connections?

Implementations that don't retain enough information for it can always just not offer sessions across domains. What resumption patterns to support and what state to retain to support those is an implementation decision.

But stacks I've seen already retain this anyway. It's common to have APIs that retrieve the peer certificate and for resumption to be more-or-less transparent. That combination implies sessions must retain the peer certificate to resurface when asked.

David
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
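The state-retention trade-off discussed in the message above, as an added example (not code from the thread or from any TLS stack): a client session cache that keeps the peer certificate's dNSNames with each session and offers a session to a different name only when that retained certificate covers it. The class and field names, the sample hosts and tickets, and the wildcard matching rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate dNSName against a host name (assumed matching rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        # Conservative choice: refuse wildcards directly under a TLD ("*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


@dataclass(frozen=True)
class Session:
    ticket: bytes                         # opaque resumption state
    origin_host: str                      # name the full handshake was made for
    peer_san: Optional[Tuple[str, ...]]   # retained cert dNSNames, None if not kept


class SessionCache:
    def __init__(self) -> None:
        self._sessions: list = []

    def store(self, session: Session) -> None:
        self._sessions.append(session)

    def offer_for(self, host: str) -> Optional[Session]:
        """Return a session that may be offered when connecting to host."""
        for s in reversed(self._sessions):  # newest first
            if s.origin_host.lower() == host.lower():
                return s  # same name: eligible with or without the certificate
            if s.peer_san is None:
                continue  # certificate not retained: do not offer across names
            if any(name_matches(n, host) for n in s.peer_san):
                return s  # retained certificate is valid for the new name
        return None


def demo_cache() -> SessionCache:
    # Constructed sample data: hypothetical hosts and ticket bytes.
    cache = SessionCache()
    cache.store(Session(b"ticket-A", "www.example.com",
                        ("www.example.com", "*.cdn.example.com")))
    cache.store(Session(b"ticket-B", "api.example.net", None))
    return cache
```

The second stored session models a stack that did not keep the certificate: it still resumes for its own name but is never offered to another one.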