W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: #144: Attacks from Same Host (OppSec)

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 8 Mar 2016 13:54:55 +1100
Cc: HTTP WG <ietf-http-wg@w3.org>
Message-Id: <D0798571-B36C-4410-AFF0-3097BA4C88D4@mnot.net>
To: Martin Thomson <martin.thomson@gmail.com>
OK, I've taken a stab at this here:
  https://github.com/httpwg/http-extensions/commit/c7324f4804f

Martin, I just left the HTTP-TLS stuff in for now; Martin, do you want to try to integrate it into the well-known stuff?

Cheers,


> On 3 Mar 2016, at 11:15 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
> 
> On 3 March 2016 at 10:18, Mark Nottingham <mnot@mnot.net> wrote:
>>> If the alternative is actually an alternative, the .well-known
>>> solution should produce files in both places.  So checking both won't
>>> just especially.
>> 
>> parse error
> 
> ...clucking autocorrect.  I mean to say that checking both won't hurt
> especially.  It might slow switchover times, but alt-svc was never
> going to fast because it doesn't need to be.
> 

--
Mark Nottingham   https://www.mnot.net/
Received on Tuesday, 8 March 2016 02:55:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC