- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 13 Jan 2016 13:13:08 +1100
- To: Kyle Rose <krose@krose.org>
- Cc: Julian Reschke <julian.reschke@gmx.de>, Hervé Ruellan <herve.ruellan@crf.canon.fr>, HTTP Working Group <ietf-http-wg@w3.org>
On 12 January 2016 at 13:51, Kyle Rose <krose@krose.org> wrote: > "Clients MUST NOT use an alternative service with a host that is > different from the origin's without the alternative service strongly > authenticating with the origin's identity." There are two rules we need to capture: 1. the alternative service must be authenticated as the origin host 2. if the alt-svc advertisement isn't authenticated, the host can't be different to the origin. If your intent is to capture the second, then this isn't right, because I read this as a restatement of the first.
Received on Wednesday, 13 January 2016 02:13:36 UTC