W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: Alt-Svc WGLC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 12 Jan 2016 10:43:38 +1100
Message-ID: <CABkgnnWu-oy9Ax1A=E+4GJ47YGKZa3SLHi0a5kendxNX=q5zaQ@mail.gmail.com>
To: Kyle Rose <krose@krose.org>
Cc: Julian Reschke <julian.reschke@gmx.de>, Hervé Ruellan <herve.ruellan@crf.canon.fr>, HTTP Working Group <ietf-http-wg@w3.org>
On 12 January 2016 at 03:05, Kyle Rose <krose@krose.org> wrote:
> How about "Clients MUST NOT use an alternative service with a host
> that is different from the origin's without strong server
> authentication of the alternative service declaration"?

That changes the intent.  The server that is ultimately contacted
(after all the alt-svc shenannigans) MUST be authoritative for the
origin of the resources that it serves.

Yes, we want to authenticate the alt-svc declaration, but that isn't
actually a necessary precondition on getting what we really want: an
authority for the resource itself.
Received on Monday, 11 January 2016 23:44:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:10 UTC