- From: 陈智昌 <willchan@chromium.org>
- Date: Wed, 21 May 2014 17:25:03 -0700
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Received on Thursday, 22 May 2014 00:25:35 UTC

I've skimmed the draft in more detail now and have nits:

* Grammar in section 6.3. - "A browser client MUST clear persisted all alternative service information when clearing other origin-based state (i.e., cookies)."
* Please consistently use "alternative services" instead of "alternate services".

I don't feel very strongly, but I am not sure where the times for the operational considerations are coming from. IIRC, HSTS and HPKP use much longer max-ages. Why does this draft suggest capping at 1 month?

Cheers.

On Mon, May 19, 2014 at 8:59 PM, Martin Thomson <martin.thomson@gmail.com> wrote:

> On 19 May 2014 20:42, Mark Nottingham <mnot@mnot.net> wrote:
> > FYI - Martin went away and did some substantial revision of this draft,
> > and is now an author.
>
> The changes incorporate a draft you might have seen, but I didn't
> announce. The main innovation here is a way to make the whole thing
> sticky in an effort to reduce the opportunity for downgrade attack.
> Pretty standard stuff, but included as a bit of a thought experiment
> as well as a bit of a test to see what people think.