Mike Meyer (firstname.lastname@example.org)
Tue, 25 Jul 95 14:55:40 PST
> I'm confused. Do you mean to say you want session-id renegotiation by
> the client for the case that two servers want to push the same
> session-id value on the client?
No - I'm just uncomfortable allowing the server to specify the session
id, even if the client only uses it for that server. The renegotiation
is trivial (just send the ID you generated), and a client doesn't need
to implement it. Do you think the renegotiation shouldn't be there at
> I still think that with `one server only' restrictions, both client
> generated and server generated have exactly the same privacy problems.
Now I'm confused. I think you're objecting to having a renegotiation,
but what you're proposing - `one server only' - would require that for
server-generated id's anyway.