http-extensions icon indicating copy to clipboard operation
http-extensions copied to clipboard
verified publisher icon httpwg

Redundant requirements for secondary certs on a non-control stream

Open LPardue opened this issue 2 months ago • 1 comments

The draft states both

The SERVER_CERTIFICATE frame MUST be sent on the control stream. A SERVER_CERTIFICATE frame received on any other stream MUST not be used for server authentication.

and

The SERVER_CERTIFICATE frame applies to the connection, not a specific stream. An endpoint MUST treat a SERVER_CERTIFICATE frame received on any stream other than the control stream as a connection error.

This seems a bit redundant. If you trigger a connection error, then you don't process the frame and so the "MUST not be used for server authentication" can't apply. Consider combining and condensing the requirement text.

LPardue avatar Oct 02 '25 19:10 LPardue

Agreed, both of these requirements are basically stating the same thing. Will condense these.

egorbaty avatar Nov 05 '25 14:11 egorbaty