- From: Yoav Nir <ynir@checkpoint.com>
- Date: Wed, 3 Jul 2013 07:33:06 +0000
- To: "Ludin, Stephen" <sludin@akamai.com>
- CC: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

On Jul 3, 2013, at 3:02 AM, "Ludin, Stephen" <sludin@akamai.com> wrote:

> Here is an idea to chew on. It has been discussed before, but if there
> was a concept of returning multiple certs in the ServerHello which
> indicate other common names the origin is authorized to serve it might
> provide a path forward to serving related content from those domains. For
> example, if the origin serves an html response on domain1.com which has
> references to objects on otherdomain.com AND the origin has a valid
> certificate for otherdomain.com it has a mechanism to 'prove' to the
> client that it is authorized to push that content.
>
> At this point I am rewriting TLS as well as getting far from the original
> subject. Probably best to continue in a fresh thread if there is interest.

Hi Stephen.

This is authorization at the HTTP level. I don't think this should go in TLS just because TLS has a mechanism for showing certificates.

Also if you do want it to go in TLS, there's an RFC for that: http://tools.ietf.org/html/rfc5878 . This allows for sending arbitrary authorization information.

Alternatively, you could add this in HTTP as a header or as a new frame type.

Yoav

Received on Wednesday, 3 July 2013 07:33:44 UTC