Closed SlyMarbo closed 11 years ago
According the the following post, CREDENTIAL frames are not being used publicly, so I'm marking this as low-priority. If anyone has any need for them, let me know, and I'll increase the priority. https://groups.google.com/d/msg/spdy-dev/SkI3dO5WRY0/rCEcLzIRSDIJ
Since the rewrite, the certificates provided in CREDENTIAL frames are no longer presented to the user in any way, so this is no longer a security issue.
As CREDENTIAL frames don't have a standardised use and no precedent for their use has been set, I'm closing this issue. If anyone wants to use them, feel free to reopen the issue.
Ensure proofs and slot indices are correctly utilised. This is a security issue, since the validity of the certificate cannot be established without proper processing of the proof.