Andrei Popov <andrei.po...@microsoft.com> writes:

>An "I really mean it" flag. We can add these for every TLS message, not just
>authentication-related ones. Just to make sure the peer truly is serious
>about the TLS handshake.

It really depends on how servers react when they see client-cert-auth when
they're not expecting it.  Some time ago I tested one of the always-requests-
client-auth servers to see what happened when it actually did get client-cert-
auth and the result was a Handshake Failure alert.  For J.Random messages it
won't matter, but if the server is requesting client auth without knowing it's
doing it then some "I really mean it" indication back to the client might be
useful.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
