W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: non authenticated alternate services (was Re: AD review of draft-ietf-httpbis-alt-svc-10)

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 19 Jan 2016 11:39:54 +1100
Cc: Kari Hurtta <hurtta-ietf@elmme-mailer.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mike Bishop <Michael.Bishop@microsoft.com>, Barry Leiba <barryleiba@computer.org>, "Julian F. Reschke" <julian.reschke@gmx.de>, "draft-ietf-httpbis-alt-svc@ietf.org" <draft-ietf-httpbis-alt-svc@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <D197631B-87FF-4D37-8C13-9550BD533D16@mnot.net>
To: Patrick McManus <pmcmanus@mozilla.com>

> On 19 Jan 2016, at 10:15 am, Mark Nottingham <mnot@mnot.net> wrote:
> 
> 
>> On 19 Jan 2016, at 7:32 am, Patrick McManus <pmcmanus@mozilla.com> wrote:
>> 
>>> If the phrase "strong authentication" is making this hard to understand, we might use something else (e.g., "have reasonable assurances that the alternative service is under control of the origin").
>> 
>> that's better. maybe tweak with the "valid for the whole origin" concept? That would certainly include both valid cert as well as the .wk approach.. 
> 
> WFM. I'll update the branch.

Diff from current ED here:
  https://github.com/httpwg/http-extensions/compare/altsvc-samehost?diff=split&name=altsvc-samehost


--
Mark Nottingham   https://www.mnot.net/
Received on Tuesday, 19 January 2016 00:40:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC