On Tue, Oct 24, 2023 at 12:54:08PM -0400, David Benjamin wrote:
> Is the concern here errors or prompting? From the original email, it
> sounded like the issue was that requesting client certificates showed
> undesirable UI to human-backed clients.
My concern is errors, browser UX concerts are not my bailiwick. I
typically look at TLS from the perspective of SMTP, where all the
communication is bot-to-bot (MTA to MTA).
But, you're right that prompting could also be an issue, since in this
case the use-case was MUA to MSA, so it would apply to Thunderbird,
Outlook, ... where there's a user behind the keyboard.
I don't recall seeing prompting as an issue reported by MUA users, since
the MUA authentication method is typically pre-configured as part of the
"server settings". MUAs have the luxury of a static set of servers they
talk to, where pre-configuration is the norm.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
