W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: Alt-Svc WGLC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 13 Jan 2016 14:22:11 +1100
Message-ID: <CABkgnnXDi2TyvX+7XkvxJprxck7nku_XaoSOS2KpeQEBzwnweQ@mail.gmail.com>
To: Kyle Rose <krose@krose.org>
Cc: Julian Reschke <julian.reschke@gmx.de>, Hervé Ruellan <herve.ruellan@crf.canon.fr>, HTTP Working Group <ietf-http-wg@w3.org>
On 13 January 2016 at 14:03, Kyle Rose <krose@krose.org> wrote:
>> 1. the alternative service must be authenticated as the origin host
>
> If this is the case, then we should simply state that "Clients MUST
> NOT use an alternative service that does not strongly authenticate
> with the origin's identity."

There may be some reluctance to write text that duplicates other RFCs.

I think that we can get over that and include that statement.  Adding
a citation for RFC 7230 should avoid any potential confusion about
whether this is intended to override any guidance there.

>> 2. if the alt-svc advertisement isn't authenticated, the host can't be
>> different to the origin.
...
> "Clients MUST NOT use an alternative service whose host is different
> from the origin's if the alternative service advertisement was not
> strongly authenticated."

That works for me.  Julian, do you think that these statements could
be added to the root of Section 9?
Received on Wednesday, 13 January 2016 03:22:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:10 UTC