
Re: Alt-Svc WGLC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 14 Jan 2016 14:04:16 +1100
Message-ID: <CABkgnnUCY4tOOtrH8VV5yFaRQ1OhEAqvh6kV30pmtSSF8EzmVA@mail.gmail.com>
To: Erik Nygren <erik@nygren.org>
Cc: Kyle Rose <krose@krose.org>, Julian Reschke <julian.reschke@gmx.de>, Hervé Ruellan <herve.ruellan@crf.canon.fr>, HTTP Working Group <ietf-http-wg@w3.org>

On 14 January 2016 at 09:42, Erik Nygren <erik@nygren.org> wrote:
> Clients MUST NOT use alternative services
> without strong server authentication; this mitigates the attack described in
> Section 9.2.

Does this refer to the alternative service server, or the server that
advertises the alternative service?  That's a major source of
confusion here.
Received on Thursday, 14 January 2016 03:04:46 UTC
