W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: Alt-Svc WGLC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 13 Jan 2016 13:13:08 +1100
Message-ID: <CABkgnnWj=Xqte-XT1yVUAvLfdKT6HojMDr0SHBe9h_XbA6UAMg@mail.gmail.com>
To: Kyle Rose <krose@krose.org>
Cc: Julian Reschke <julian.reschke@gmx.de>, Hervé Ruellan <herve.ruellan@crf.canon.fr>, HTTP Working Group <ietf-http-wg@w3.org>
On 12 January 2016 at 13:51, Kyle Rose <krose@krose.org> wrote:
> "Clients MUST NOT use an alternative service with a host that is
> different from the origin's without the alternative service strongly
> authenticating with the origin's identity."

There are two rules we need to capture:

1. the alternative service must be authenticated as the origin host
2. if the alt-svc advertisement isn't authenticated, the host can't be
different to the origin.

If your intent is to capture the second, then this isn't right,
because I read this as a restatement of the first.
Received on Wednesday, 13 January 2016 02:13:36 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:10 UTC