On Tue, Oct 24, 2023, 13:07 Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> On Tue, Oct 24, 2023 at 12:54:08PM -0400, David Benjamin wrote: > > > Is the concern here errors or prompting? From the original email, it > > sounded like the issue was that requesting client certificates showed > > undesirable UI to human-backed clients. > > My concern is errors, browser UX concerts are not my bailiwick. I > typically look at TLS from the perspective of SMTP, where all the > communication is bot-to-bot (MTA to MTA). > > But, you're right that prompting could also be an issue, since in this > case the use-case was MUA to MSA, so it would apply to Thunderbird, > Outlook, ... where there's a user behind the keyboard. > > I don't recall seeing prompting as an issue reported by MUA users, since > the MUA authentication method is typically pre-configured as part of the > "server settings". MUAs have the luxury of a static set of servers they > talk to, where pre-configuration is the norm. > Ah yeah, I should have been clearer that I was specifically talking about HTTPS human clients. Hopefully MUAs didn't make quite the same set of historical deployment mistakes that HTTPS UAs did around client certs! :-) -- > Viktor. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
