Thanks for writing this up, Nick. I support this change.

I think one interesting addition to this PR might be a discussion of what could 
happen if you use the same DC as both a client and server. I suspect this is 
what a lot of people might do in a datacenter environment and that this is safe 
(because of the signature context), but it might push people to think a little 
more about this topic.


Subodh

________________________________
From: TLS <tls-boun...@ietf.org> on behalf of Nick Sullivan 
<nick=40cloudflare....@dmarc.ietf.org>
Sent: Monday, July 8, 2019 1:12:00 PM
To: <tls@ietf.org>
Subject: [TLS] Delegated Credentials in Client certificates

Hello TLSWG,

At previous meetings (and I think on the list?) there were requests to extend 
the Delegated Credentials in TLS 
(https://tools.ietf.org/html/draft-ietf-tls-subcerts)
 draft to support client certificates. This turns out to be a pretty minor 
change to the document. I've put up a PR:

https://github.com/tlswg/tls-subcerts/pull/26/files/a502f3055c3eefe59a4b36642cd062267ac0fff7

Let me know if there is opposition to this change. I'm planning on submitting 
-04 later today.

Nick
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
