Re: non authenticated alternate services (was Re: AD review of draft-ietf-httpbis-alt-svc-10)

> On 19 Jan 2016, at 7:32 am, Patrick McManus <pmcmanus@mozilla.com> wrote:
> 
>> If the phrase "strong authentication" is making this hard to understand, we might use something else (e.g., "have reasonable assurances that the alternative service is under control of the origin").
> 
> that's better. maybe tweak with the "valid for the whole origin" concept? That would certainly include both valid cert as well as the .wk approach.. 

WFM. I'll update the branch.

--
Mark Nottingham   https://www.mnot.net/

Received on Monday, 18 January 2016 23:15:53 UTC